India, May 28 -- Traditionally, cybersecurity investments were largely decided based on compliance obligations or sometimes even plain gut feel. This approach had several limitations - enterprises could end up with solutions that met the bare minimum security requirements but did not offer the best defence; the choice of tools was based on perception rather than protection and performance; investments were often reactive or a forced response to a breach. The shift to a risk-based approach, which prioritised security investments on the basis of threat likelihood or business impact, brought improvements, such as continuous monitoring and adaptive security, enabling organisations to pivot from reactive spending to proactive allocation. Furth...