The breach gap as a structural security problem

Auteur zonder afbeelding icoon
Sander Hulsman
01 July 2026
4 min

The breach gap as a structural security problem

Matt Hull (NCC Group) at Cybersec Netherlands 2026

Most cyber incidents do not happen because attackers use more advanced techniques, but because organisations have an incomplete view of their own digital exposure. Between what security teams believe they are protecting and what is actually externally accessible or misconfigured, a structural gap emerges that is becoming increasingly difficult to close. In the space between assumed control and actual exposure lies the so-called “breach gap”: the difference between the security reality as it is perceived and the reality attackers encounter.

During Cybersec Netherlands 2026, taking place on 9 and 10 September at Jaarbeurs Utrecht, this phenomenon will take centre stage on day two in the keynote by Matt Hull, VP Cyber Intelligence and Response at NCC Group, titled “The breach gap: why you’re easier to breach than you think”. Drawing on incident response and threat intelligence, he will show what this gap looks like in practice: not as a theoretical risk, but as a recurring pattern in real-world compromises where misconfigurations, identity sprawl and hidden exposure often play a greater role than new attack techniques.

Structural blind spots

The growth of the breach gap is directly linked to the way IT environments have evolved. While security models were historically designed for relatively stable infrastructures, today’s reality is dynamic and constantly changing. Cloud platforms scale automatically, APIs are continuously added and identity structures grow beyond traditional governance models.

As a result, organisations increasingly operate with a security picture that is no longer synchronised with the actual situation. Inventories are incomplete, configurations shift without explicit control and assets disappear from view without actually being removed. This mismatch between administration and reality is exactly where exposure arises.

A shifting perspective on cyber risk

In many incidents, attackers are not primarily looking for advanced vulnerabilities, but for existing access points that were already present. These may include forgotten service accounts, overly broad permission structures, misconfigured cloud services or assets that have fallen outside the visibility of security teams.

This development changes the way we look at cyber risk. The central question is no longer only which attack technique is being used, but which digital opportunities have unintentionally become available. Cybersecurity is therefore shifting from a threat-driven discipline to an exposure-driven reality.

Identity as a dominant attack vector

One of the key consequences of this shift is the role of identity. While endpoints and networks traditionally formed the primary attack surface, identities have now become one of the most critical factors. Not only human accounts, but especially machine identities, API tokens and service accounts largely determine how far an attacker can move within an environment.

Over-privilege, long-lived credentials and a lack of ownership mean that many compromises occur without a classic “hack” taking place. Instead, legitimate access is abused within an environment where the context of that access is not monitored closely enough.

Complexity as a structural risk

Alongside identity, complexity is playing an increasingly important role. Modern security organisations have access to a growing number of tools, dashboards and signals, but this does not automatically lead to better insight. On the contrary, the volume of data makes it harder to determine what is truly relevant.

This creates a situation in which security teams mainly operate reactively. Not because signals are missing, but because prioritising them is becoming increasingly difficult in an environment that is constantly changing. The breach gap therefore also becomes an information problem: the gap between what is visible and what actually represents risk.

AI as an accelerator

Although artificial intelligence receives a great deal of attention within cybersecurity, its role in this context is mainly that of an accelerator rather than something fundamentally new. AI does not change the nature of the vulnerabilities themselves, but it does accelerate the way exposure can be found and exploited.

Automation makes it possible to analyse larger volumes of systems, search configurations faster and recognise patterns more efficiently. This mainly increases the speed at which existing weaknesses are found, not necessarily the type of weaknesses themselves.

A visibility problem

At its core, the breach gap is a visibility problem. Organisations that do not have an up-to-date and complete picture of their digital footprint cannot fully assess their real risk. Security is therefore shifting from protecting known assets to continuously identifying unknown or misinterpreted exposure.

This makes the challenge for security teams less of a purely technical problem and more of a structural governance issue. Who is responsible for which assets? Which permissions are still necessary? And which risks have emerged implicitly, without explicit decision-making?

Perception and reality

Matt Hull’s keynote at Cybersec Netherlands 2026 places these developments in a practical context, based on experience from incident response and threat intelligence. His analysis underlines a development that is becoming increasingly visible across the sector: most organisations are not compromised by exceptional attacks, but by structural blind spots in their own digital environment.

“The breach gap: why you’re easier to breach than you think” is therefore not only a keynote about attack patterns, but above all about the reality of modern digital infrastructures in which perception and reality have drifted further and further apart.


Register for free for Cybersec Netherlands 2026

As cyber attacks continue to threaten today’s tech landscape, this event is the premier platform for seasoned cyber security professionals and innovative start-ups to exchange knowledge and tackle cybersecurity challenges together. Organizations across all sectors will discover strategies to boost cyber resilience and safeguard critical assets. Don’t miss this chance to strengthen your cyber defenses, register for free now!