Why Cyber Defence Is Like an Onion
Why It Matters
By prioritizing attack‑surface reduction, organizations can lower breach risk and security costs, while the layered mindset forces executive accountability across development and operations.
Key Takeaways
- Eliminate unused systems to shrink attack surface and cut security spend.
- If presence required, hide assets to reduce detection likelihood.
- Framework demands CISO/CIO leadership, not outsourced security providers.
- Adoption may need change management in established firms' development processes.
Pulse Analysis
The Survivability Onion, originally a military concept, is gaining traction in cyber‑defence circles because it flips the traditional "detect‑then‑respond" paradigm. By treating the outermost layer as a strategic decision—"don’t be there"—companies can dramatically reduce their attack surface. In practice, this means decommissioning legacy applications, consolidating cloud workloads, and pruning idle accounts, actions that not only diminish exposure but also simplify the security stack, leading to measurable cost savings.
For enterprises that cannot eliminate every asset, the onion’s inner layers prescribe camouflage techniques such as network segmentation, encryption, and deceptive technologies that make systems harder to discover. When a breach does occur, the model outlines rapid containment, forensic analysis, and resilient recovery pathways, ensuring business continuity. Crucially, de Villiers stresses that these steps require ownership from CISOs and CIOs rather than reliance on third‑party service providers, fostering a culture where security considerations are baked into product design and development pipelines.
The upcoming ITWeb Security Summit in Cape Town provides a platform for leaders to explore this framework in depth. As cyber‑threats grow more sophisticated, the onion approach offers a pragmatic, cost‑effective roadmap that aligns technical safeguards with executive strategy. Early adopters like Stitch report lower security expenditures and faster incident response times, signaling a shift toward proactive, layered defence that could become a new industry standard.