One of the reasons that we in the cybersecurity industry continue to lose to bad actors is our lack of pro-activity. While many organizations have made big investments in their security functions, they tend focus largely on reacting to alerts and responding to known situations. This is a bit like arming your burglar alarm after the robbery.
For the typical enterprise, the key aspect of the cybersecurity function involves a security operations center (SOC), typically a large room with big monitors lining the walls.