Security is long-term. Most leadership is not.

This is the sixth and final part of the Accountability in Cybersecurity is Broken series, exploring the root causes behind why accountability is critical to our mutual success and why it’s fundamentally broken. If you’ve been following along (Part 1, Part 2, Part 3, Part 4, Part 5), you know I’m fed up. After 30+ years in this industry, I’m tired of watching the same mistakes repeat like a bad rerun. We’ve talked about misaligned incentives, fear-driven sales, and the lack of clear ownership. Now, we’re diving into the final nail in the coffin: our addiction to short-term thinking.

The Instant Gratification Trap

We live in a world obsessed with the now. Social media dopamine hits, same-day delivery, quarterly earnings reports—everything is about instant gratification. Cybersecurity, though? It’s the opposite. Good security is a long game. It’s about building resilient systems, fostering a culture of responsibility, and planning for threats that might not hit for years. But most leaders? They’re playing checkers while the hackers are playing chess.

This short-term mindset is killing us. Companies adopt shiny new tech—AI, IoT, cloud, you name it—faster than Usain Bolt runs the 100-meter. But securing it? That’s an afterthought. We roll out tools and platforms without understanding the risks, because “faster” equals “better” in the race for market share or stock price bumps. Then, when the inevitable breach happens, it’s all finger-pointing and zero accountability.

And it’s not just companies. People do the same thing at home. We rush to buy the newest refrigerator because it can order eggs automatically, or the latest smart speaker because it plays our favorite playlist on command. It’s cool. It’s convenient. But we don’t stop to ask: What happens if this thing gets hacked? We don’t think about what data it collects, where it’s stored, or how it could be used against us. We adopt tech faster than our ability—or desire—to use it responsibly. That’s not just bad decision-making—it’s one of the root causes of why accountability in cybersecurity is broken.

Kicking the Can Down the Road

The short-term obsession shows up everywhere. CEOs and boards prioritize quarterly results over sustainable security strategies. Why invest in a robust cybersecurity program when you can patch a few systems, check a compliance box, and call it a day? CISOs, under pressure to “show results” fast, focus on flashy metrics—number of patches applied, firewalls installed—rather than building a foundation that lasts.

At home, it’s no different. We’ll gladly click “Agree” on the terms and conditions for an app that tracks our kids, orders our groceries, or manages our finances without reading a single line of what we just signed away. We assume “somebody else” has thought through the risks. Spoiler: they haven’t. Companies want your data; securing it is your problem.

And when shit hits the fan? At work, someone gets fired. At home, maybe we cancel a credit card, change a password, or blame the “damn hackers” for stealing our identity. Then? We go right back to the same behaviors. We have the memory of a goldfish and the habits of an addict.

This “kick the can down the road” mentality is why we’re stuck—professionally and personally.

The Cost of Chasing Quick Wins

Let’s break it down. Short-term thinking leads to:

• Reactive Security: We’re always firefighting instead of preventing. A new threat pops up, we buy a new tool. Rinse, repeat. No strategy, just chaos.
• Tech Debt: Slapping bandaids on outdated systems or rushing to deploy untested tech creates a mess that costs more to fix later—if it’s even fixable.
• Erosion of Trust: Customers stop believing companies care about their data. Families stop trusting the tech in their homes. Eventually, nobody trusts anyone.
• Burnout: Security teams are stretched thin, chasing quick fixes while leadership demands instant results. At home, we burn out too—exhausted by password resets, fraud alerts, and scam calls.
• Irresponsible Tech Adoption: Whether it’s AI at work or a Wi-Fi connected toaster at home, we adopt tech before asking, “Can I secure this?” or “Do I even need this?”
• Rushed Judgement: Companies blame interns for billion-dollar breaches. People cancel friendships based on one post, without context. Quick judgements feel decisive but usually backfire.

Short-term thinking doesn’t care about consequences. It cares about comfort. And accountability dies when we prioritize comfort over responsibility.

Information Security Is a Life Skill

This is the piece nobody wants to admit: cybersecurity isn’t just a “work thing.” It’s not just for CISOs, engineers, or IT teams. It’s a life skill.

Think about it:

• Do you know how to spot a phishing email in your personal inbox?
• Do you understand what information your kid’s school app is collecting?
• Do you think twice before buying the smart fridge that knows when you’re low on eggs?

Most people don’t. And why? Because security feels like “extra work.” It feels like something you can put off until later. But later never comes—until it’s too late.

We’re raising generations of people who can’t separate convenience from risk, who think that security is someone else’s problem, and who treat breaches like bad weather—something unfortunate, but inevitable. That’s dangerous. Because the truth is: every one of us is accountable. At work. At home. Everywhere.

Breaking the Cycle

So, how do we fix this? It’s not easy, but it starts with a mindset shift:

• Prioritize Long-Term Strategy: Whether you’re a CEO or a parent, think years, not minutes. Build foundations, not patches.
• Align Incentives: At work, tie leadership bonuses to real risk reduction. At home, reward yourself and your kids for making smart choices online, not just fast ones.
• Own the Mess: Accountability means putting your name on the line. Boards, CEOs, CISOs, parents—if you’re responsible, be responsible.
• Slow Down (A Little): Before signing that vendor contract or buying that new gadget, pause. Ask, “Can I secure this?” If the answer is no, maybe don’t.
• Think Before Judging: Don’t jump to conclusions about breaches, employees, or even people in your life without context. Slow down. Ask questions. Understand before acting.
• Treat Security as a Life Skill: Just like budgeting, cooking, or driving safely, information security should be part of everyday life. Teach it. Practice it. Value it.

Wrapping Up the Series

This series has been my attempt to shine a light on why cybersecurity accountability is broken. From misaligned incentives to fear-driven sales to our obsession with short-term wins, the root causes are clear. But here’s the truth: this isn’t just an industry problem. It’s a people problem. Our addiction to short-term thinking bleeds from our boardrooms into our living rooms, from our quarterly reports into our kitchen appliances.

If we want accountability, we can’t just demand it from companies. We have to demand it from ourselves. That means treating information security as a life skill. That means slowing down, thinking long-term, and being willing to take responsibility—not just for the next quarter, but for the next generation.

I’m not done with this topic. As you may know, I’m currently writing UNSECURITY v2, a follow-up to the original, and in this book I’ll dig much deeper into all this  Frankly, to keep yelling about this until something changes. Stay tuned for that. For now, thanks for reading. Let’s stop kicking the can and start building something that lasts—at work, at home, everywhere.

What do you think?

Drop your thoughts below or hit me up somewhere. If you’re as frustrated as I am, let’s talk about what’s next. Because if we keep doing what we’ve always done, we’ll keep getting screwed.

One last note, Matt Goodacre and I will get candid about this post in our upcoming InfoSec to Insanity episode.