Complexity Is the Cyber Attacker’s Best Friend: Simplify Your Tech Stack Now

Richard Keenlyside
May 7
3 min read

TL;DR

Overcomplicated IT systems drastically increase your exposure to cyber threats. By simplifying your tech stack, you reduce technical debt, improve visibility, and boost your organisation’s resilience to cyber attacks. Simpler systems are easier to secure, manage, and evolve — key for survival in the digital age.

Simplified tech stack diagram with arrows linking Application, Database, Server, and Cloud; complex stack with interconnected shapes. — Simplified Vs Complex Tech Stack

Keeping Your Systems/Technology Stack Unnecessarily Complicated Makes You More Prone to Cyber Attacks

By Richard Keenlyside

In my decades overseeing global IT strategy — from retail giants like J Sainsbury’s to manufacturing leaders such as LoneStar Group — one lesson recurs with undeniable clarity: simplicity is security. When your technology stack is overengineered or burdened by legacy systems, you’re not just draining resources — you’re leaving the door wide open to cyber attackers.

The Problem with Complexity

Complex IT environments often evolve through mergers, rushed implementations, or a reluctance to retire legacy systems. What results is a bloated, inconsistent technology landscape riddled with overlapping tools, unpatched software, outdated integrations, and shadow IT. This tangled web becomes increasingly hard to govern, secure, or even understand.

Worse, every additional system adds to your attack surface. The more endpoints, apps, and integrations you manage, the more opportunities cybercriminals have to find a weakness.

Why Simpler = Safer

Improved Visibility: A leaner stack gives you clearer oversight of all assets and activities. You know what’s running, who owns it, and whether it’s up to date. This is vital for real-time monitoring and swift threat response.
Reduced Attack Surface: Fewer applications and integrations mean fewer potential entry points for hackers. This is foundational cyber hygiene — yet often ignored in favour of speed or legacy dependence.
Stronger Patch Management: A simplified ecosystem is far easier to keep patched and compliant. With fewer systems to manage, updates happen quicker, and vulnerabilities close faster.
Streamlined Governance: Aligning tools and processes across the business makes governance frameworks, like ISO 27001 or NIST, easier to implement and audit.

The Business Case: Security Meets Efficiency

Simplifying your tech isn’t just about cyber resilience; it unlocks operational benefits, too. At M.I. Dickson, streamlining legacy systems and deploying centralised data solutions improved efficiency. Similarly, rationalisation brought clarity, control, and security in retail and logistics transformations at Mothercare.

Best Practices to Reduce Complexity

Perform a full tech stack audit: Identify overlaps, outdated systems, and underused tools.
Consolidate vendors and tools: Fewer platforms mean easier integration and governance.
Adopt cloud strategically: Cloud platforms like Azure can unify environments and improve scalability/security.
Embed cybersecurity into transformation: Treat security as foundational, not an afterthought.
Establish ownership and accountability: Every asset should have a responsible owner ensuring it's managed and maintained.
Retire legacy systems: Don’t delay just because “it still works”. If it’s not secure or supportable, it’s a risk.

FAQs

Q: Isn’t modernising systems costly and disruptive? Yes, in the short term. But failing to do so can lead to far costlier cyber incidents, regulatory fines, or loss of customer trust.

Q: How do I know which systems to remove or keep? Start with an audit. Focus on business-critical tools that are secure, compliant, and well-integrated. Eliminate or replace the rest.

Q: Can small businesses benefit from simplification too? Absolutely. Even small firms face threats, and lean systems make it easier to respond effectively.

Conclusion

Complex systems are not a badge of innovation — they’re a liability. The more layers and outdated components you carry, the more likely you will suffer a breach. As a CIO who has led cyber and transformation efforts across multiple industries, I can’t stress this enough: simplify to survive.

Whether modernising post-merger or shedding outdated tech, treat complexity as your enemy. It’s not just about saving costs but protecting your future.

Richard Keenlyside is the Global CIO for the LoneStar Group and a former IT Director for J Sainsbury’s PLC.

Call me on +44(0) 1642 040 268 or email richard@rjk.info.

Follow me on X https://x.com/cioinpractice & LinkedIn https://www.linkedin.com/in/richardkeenlyside/