As organizations focus on meeting compliance obligations and adopting new technologies like AI, cybersecurity fundamentals are often quietly eroding. This “cyber deterioration” occurs when alert fatigue, increasing regulatory pressure, and competing priorities gradually weaken core security controls. While many organizations continue to meet baseline requirements, foundational practices slip, and risk accumulates across increasingly interconnected environments.
CTG's Managing Director of Cybersecurity Chad Alessi sat down with Information Security Media Group (ISMG) at the 2026 RSA Conference to discuss the growing risk of cyber deterioration.
"It's not a catastrophic failure of the organization, but a gradual erosion," Alessi said. "Over time, it starts to continue to snowball, and before you know it, you've got a big risk on your hands that you didn't realize...you were going to have."
Data collected across more than 4,000 healthcare organizations illustrate the challenge. Although many have mature security programs, more than a quarter show a consistent decline in overall security posture as supply chain dependencies and third‑party risk expand. To avoid erosion, Alessi emphasizes the importance of embedding third‑party risk into enterprise risk management and continuously monitoring control maturity, policy effectiveness, and alignment with business and security strategy.
Watch the full video interview for Alessi's insights on:
- The primary drivers of cyber deterioration, including compliance fatigue, AI adoption, and loss of operational focus
- How supply chain risk is influencing security posture, with insights drawn from healthcare industry data
- The role of a continuous security advisory framework in baselining performance, benchmarking progress, and improving long‑term cyber resilience
If you'd prefer to read the conversation, the full interview is also available as a downloadable e-book.