Why organizations need a new approach to MDR (part 1)

MDR is evolving from a monitoring and response function into a business-aligned decision framework that helps organizations connect security activity to measurable outcomes.

Marc St-Pierre  profile picture
Marc St-Pierre

July 10, 20265 min read

Abstract digital illustration of silhouetted figures on a blue technology background with orange data streams

Organizations need a new approach to MDR. Managed Detection and Response (MDR) is no longer judged only by how many alerts it triages or how quickly it responds to incidents. The market has moved beyond that baseline. Today, organizations are asking a different question: how does MDR help reduce business risk in a way leadership can understand and defend?

In this first blog of a two-part series, we examine the market forces driving this shift and why traditional MDR expectations no longer align with the needs of modern security leaders.

That shift matters because organizations are under pressure to strengthen cyber resilience while also showing that security investments are producing real value. As cyber risk becomes a more regular topic in executive and board-level discussions, security leaders need more than operational coverage. They need support that helps show how security activity contributes to broader business outcomes.

MDR is being held to a higher standard

For years, MDR was primarily seen as a way to extend security operations. It was valued for improving visibility, helping lean teams manage threats, and giving organizations access to expertise they could not easily build on their own. Those benefits still matter, but expectations have grown.

Security spending is now reviewed more closely by executive leadership, including CFOs and boards. That means the conversation has changed. Instead of asking whether a provider can monitor and respond, organizations increasingly want to know whether their MDR investment is helping them lower risk, improve resilience, and make better decisions.

This creates a difficult environment for security leaders. When major incidents are avoided, it can be hard to prove what was prevented. When something does happen, scrutiny is immediate. In both cases, activity alone is not a strong enough measure of value. Alert counts and response metrics are useful, but they do not fully explain impact.

That is why organizations need a new approach to MDR—one that links technical operations to strategic outcomes and gives leadership a clearer way to understand what security is delivering.

From operational service to decision support

A more modern MDR model does more than watch for threats and escalate issues. It helps organizations decide where to focus, what to prioritize, and how to respond in a way that reflects business risk. At its core, a new approach to MDR must provide not only visibility, but also clarity.

This is an important evolution because most organizations are not struggling with a lack of data. They are struggling with what to do with it. Security teams receive a constant flow of alerts, vulnerabilities, signals, and recommendations. What they need is context that supports action.

That means MDR must help answer questions such as:

  • Which threats matter most right now?
  • What remediation steps should be prioritized first?
  • How does this security issue affect the broader business?

When MDR can provide that kind of clarity, it becomes more valuable to both security teams and executive stakeholders. It helps technical teams move faster, while also helping leaders explain decisions in terms the business understands.

This aligns with a broader shift in cybersecurity leadership. As I discussed in a previous blog, People, risk, and the modern CISO, security leaders increasingly need to translate technical risk into business language and align cybersecurity decisions with broader organizational priorities.

AI Is advancing MDR, but human judgment still matters

AI is already reshaping MDR, but not by replacing people. The strongest model emerging today is one where AI improves speed, consistency, and scale, while human experts remain responsible for judgment and oversight.

In practical terms, AI can help MDR providers improve detection quality, accelerate triage, and enrich investigations with better context. It can reduce the burden on analysts by identifying patterns more quickly and helping sort signal from noise. That has real value in an environment where time matters and talent remains scarce.

At the same time, organizations are taking a measured approach. They want AI to be explainable, auditable, and aligned with governance requirements. There is growing willingness to let AI assist with response actions, especially in time-sensitive cases, but confidence still depends on human validation.

That balance is important. Cybersecurity decisions often affect operations, compliance, and business continuity. Organizations want the efficiency of AI, but they also want accountability. As a result, the future of MDR is not fully autonomous. It is AI-assisted and human-led.

The case for a new approach to MDR is becoming difficult to ignore. Expectations have shifted, AI is changing how security teams work, and leadership increasingly expects security programs to demonstrate measurable value. But recognizing the need for change is only the beginning.

If MDR is evolving from a monitoring service into a business-aligned decision framework, the next question is what that means in practice. In part two, I’ll look at where traditional MDR still falls short, why remediation remains a major challenge, and why a services-led approach is becoming essential for organizations seeking stronger cyber resilience.

For more information or to speak to an expert, contact us at [email protected]

Share this post

Share this post to x. Share to linkedin. Mail to
Marc St-Pierre avatar image

Marc St-Pierre

Marc leads the OpenText Global Consulting Practice for Cybersecurity which delivers Risk & Compliance Advisory, Digital Forensics & Incident Response and various Managed Security Services. His mission is to promote Cyber Resilience and provide business partners with advice, guidance and assistance to achieve Digital Resilience & Trust. In his 15 years with OpenText, he has developed teams and built solutions in areas of Artificial Intelligence, LegalTech, Linguistics & Translation and now Cybersecurity. He has lectured on semantic technologies and lead growth of OpenText with innovations such as Ai-Augmented Voice of the Customer, Magellan Search+ and Managed Extended Detection & Response.

See all posts

More from the author

Why organizations need a new approach to MDR (Part 2)

Why organizations need a new approach to MDR (Part 2)

To realize the full value of modern MDR, organizations must close the gap between detection and remediation through expert guidance, flexible services, and a stronger focus on cyber resilience.

July 10, 2026

4 min read

Endpoints are attackers’ most valuable target: Why endpoint security matters

Endpoints are attackers’ most valuable target: Why endpoint security matters

Endpoints are where attackers gain the most value—making strong, tamper-resistant endpoint security essential to stop breaches before they start

February 11, 2026

4 min read

Demystifying vulnerability assessment methodology (Part 1)

Demystifying vulnerability assessment methodology (Part 1)

Explore how structured vulnerability assessments and penetration testing help organizations uncover hidden risks, validate security controls, and strengthen resilience

February 05, 2026

6 min read