Focus on better outcomes from a security protection programme
When an organisation suffers a data breach or other cybersecurity incident, it is not judged by whether it had a low number of vulnerabilities or if it spent enough on security tools.