For years, the cybersecurity playbook followed a familiar pattern: when ransomware like Akira or Ryuk struck, organizations responded by building bigger firewalls and deploying automated containment tools. But as Romanus Prabhu Raymond, Director of Technology at ManageEngine, explains, that approach is no longer enough—and in some cases, can do more harm than good.
“Automatically isolating a hospital computer or a bank teller system might create more damage than the original threat,” Raymond said in an interview ahead of his keynote at the Cyber Security Expo in Amsterdam.
This dilemma—how to balance rapid threat response with real-world consequences—sits at the heart of the ethical cybersecurity movement reshaping enterprise security in 2025.
Defining Ethical Cybersecurity
Raymond argues that ethical cybersecurity goes beyond defending data and systems. It’s about protecting organizations, individuals, and society at large with fairness, transparency, and accountability built into every decision.
In today’s cloud-first environment, security is no longer a competitive advantage—it’s a baseline expectation. What sets businesses apart is how they handle data responsibly. Raymond compares the concept to installing security cameras in public spaces while respecting private homes. In other words: protect what matters without crossing ethical boundaries.
ManageEngine has embedded this philosophy into its “ethical by design” approach. The company avoids monetizing customer data, insisting it belongs solely to the customer, and integrates compliance standards such as GDPR and ISO 27000 directly into its products.
Innovation vs. Risk
Companies now face a paradox: innovate too aggressively and risk breaches or compliance violations; focus too heavily on risk mitigation and lose competitiveness. ManageEngine’s “trust by design” framework aims to solve this by building responsibility into every development stage, ensuring rapid innovation doesn’t come at the expense of ethics or compliance.
Globally, the company aligns operations with local privacy regulations, trains employees to handle data with integrity, and deploys a “trans-localisation strategy” to maintain both efficiency and cultural trust.
AI and Human Oversight
With artificial intelligence playing a growing role in security operations, questions of accountability have become urgent. ManageEngine’s SHE AI framework—Secure AI, Human AI, Ethical AI—sets guiding principles:
- Secure AI: protects against adversarial attacks.
- Human AI: ensures people validate critical security actions.
- Ethical AI: explains decisions clearly instead of issuing opaque “black box” alerts.
This layered approach ensures, for example, that an AI doesn’t automatically disable a critical hospital system but instead escalates the alert for human review.
Privacy Without Surveillance
Striking a balance between monitoring and privacy remains one of the toughest challenges. Overzealous surveillance risks eroding employee trust. To avoid this, ManageEngine emphasizes data minimization, purpose-driven monitoring, anonymization, and strict governance controls—collecting only what is necessary, and only for security purposes.
Preparing for the Next Wave of Challenges
Looking ahead, Raymond sees two major ethical hurdles: AI-driven autonomous security and quantum computing. Autonomous systems raise questions about explainability and accountability, while quantum technology threatens traditional encryption. Meanwhile, biometric authentication, if mismanaged, risks crossing lines of personal privacy.
To prepare, Raymond suggests three practical steps for organizations: adopt an ethics charter at the board level, prioritize vendors that embed privacy and ethics into their products, and train staff on why ethical practices matter—not just how to implement them.
