Certain cybersecurity practitioners are obsessive on technical controls. They overlook the consequence due to cyber or other non-cyber causes will be the same.
Let’s look at the illustration. Supposed if the truck has insecure network connection. It might be controlled remotely by threat actors. The adverse consequence might cause the truck hit any target or spill off the load.
The same adverse consequence could be due to faults in the brake, fatigue of the chain, improper driving attitude … So, there should be a balance of cyber protection rather than creating many unnecessary technical controls to overkill the usage. More controls means more complex and more human errors will be resulted.