When ransomware attacks like Akira and Ryuk began crippling organisations worldwide, the cybersecurity industry’s first instinct was predictable: build bigger walls, deploy more aggressive automated responses, and lock down everything. But there was a different problem emerging, according to Romanus Prabhu Raymond, Director of Technology at ManageEngine.
The company’s customers were demanding aggressive containment features, yet automatically quarantining a suspicious hospital computer or bank teller system might prove more devastating than the original threat. The dilemma – balancing rapid threat response with real-world consequences – exemplifies why ethical cybersecurity practices have become one of the defining challenges of 2025.
In our exclusive interview shortly before his presentation at the Cyber Security Expo in Amsterdam, Raymond revealed how leading organisations are breaking free from the traditional security-versus-privacy trade-off and why the companies embracing this “trust revolution” can reshape enterprise security.
For starters, the cybersecurity industry stands at a important juncture. High-profile breaches, evolving regulatory frameworks, and the rapid integration of AI into security systems have created new challenges that extend far beyond technical protection. Organisations now face important questions about how to balance innovation with responsibility, privacy with security, and automation with human oversight.
Defining ethical cybersecurity in the modern era
According to Raymond, ethical cybersecurity transcends traditional notions of defence. “Ethical cybersecurity goes beyond defending systems and data – it’s about applying security practices responsibly to protect organisations, individuals, and society at large,” he explained during our interview ahead of his presentation.
In 2025’s cloud-first environment, security isn’t a competitive differentiator, but a baseline expectation. What distinguishes organisations today is how ethically they handle data and implement security measures.
Raymond uses the analogy of installing security cameras in a neighbourhood to protect public spaces without intruding on private areas; the avoidance of peering into residents’ windows. Cybersecurity must operate under the same principle.
ManageEngine has operationalised this philosophy through what Raymond calls an “ethical by design” approach, embedding fairness, transparency, and accountability into every product from conception. The company’s stance on customer data exemplifies this commitment: it neither monetises nor monitors customer data, maintaining that it belongs solely to the customer.
The innovation-risk paradox
The tension between innovation and risk management represents an important challenge for modern organisations. Push too hard for innovation without adequate safeguards and companies risk data breaches and compliance violations. Focus too heavily on risk mitigation, and organisations may find themselves unable to compete in evolving markets.
The “trust by design” philosophy embeds responsibility and accountability into every development stage, which allows rapid innovation and maintains compliance and ethical standards. When deploying important components like endpoint agents, the company ensures new functionality inherently complies with industry standards and security requirements.
The method extends to the company’s global operations. ManageEngine maintains datacentres worldwide which align with local privacy and regulatory demands, and trains every employee – from developers to support engineers – to treat customer data with integrity. The company’s “trans-localisation strategy” ensures local teams serve local customers, creating operational efficiency and cultural trust.
AI integration and human oversight
As artificial intelligence becomes increasingly central to cybersecurity operations, the ethical implications of AI-driven security solutions have become more complex. Raymond acknowledges that AI is evolving from purely assistive roles to more decisive functions, raising questions about accountability, transparency, and fairness.
Raymond expounds ManageEngine’s “SHE AI principles”: Secure AI, Human AI, and Ethical AI. Secure AI involves building robust protections against manipulation and adversarial attacks. Human AI ensures human oversight remains integral to important security actions—for instance, if AI detects a suspicious endpoint, it escalates for human validation rather than automatically removing the device from the network.
This is particularly important in sensitive environments like hospitals or banks, where automatically blocking systems could have severe consequences.
The ethical AI component emphasises explainability. Rather than generating “black box” alerts, ManageEngine’s systems explain their reasoning. An alert might read: “The endpoint cannot log in at this time and is trying to connect to too many network devices.” This transparency is essential for compliance and building trust in AI-driven security systems.
Navigating privacy-security trade-offs
The balance between necessary security monitoring and privacy invasion represents one of the most delicate aspects of ethical cybersecurity practices. Raymond acknowledges that while proactive monitoring is essential for detecting threats early, over-monitoring risks creating a surveillance environment that treats employees as suspects rather than trusted partners.
ManageEngine uses principles that emphasise data minimisation, purpose-driven monitoring, anonymisation, and clear governance structures. The company collects only information necessary for security purposes, ensures every piece of data has a defined security use case, uses anonymised data for pattern analysis, and defines data access privileges and retention periods.
The framework demonstrates that security and privacy need not be mutually exclusive when guided by ethics, transparency, and accountability.
Industry leadership and future challenges
Raymond argues that technology vendors must act as custodians of digital ethics, earning trust rather than expecting it to be given blindly. ManageEngine says it contributes to industry standards by thought leadership, advocacy, and by embedding compliance standards like ISO 27000 and GDPR into products from the start.
Raymond identifies AI-driven autonomous security and quantum computing as the biggest ethical challenges facing the industry. As security operations centres move toward full autonomy, questions of explainability and accountability become critical. Quantum computing’s ability to break traditional encryption threatens secure communication foundations, while technologies like biometrics raise privacy concerns if not managed carefully.
Practical implementation
For organisations seeking to integrate ethical considerations into their cybersecurity strategies, Raymond recommends three concrete steps: adopting a cybersecurity ethics charter at the board level, embedding privacy and ethics in technology decisions when selecting vendors, and operationalising ethics through comprehensive training and controls that explain not just what to do, but why it matters.
As the cybersecurity landscape evolves, companies that will thrive are those that recognise ethical cybersecurity practices as the foundation for sustainable, trusted technological advancement, not as constraints on innovation. In the future organisations have to innovate responsibly and maintain human oversight and the ethical principles that digital trust requires.
Source: https://www.artificialintelligence-news.com/ 
					
 
			 
			 
			