This mainly applies to electronic and software systems, but can apply in other domains.

Thinking about security from the outset is obvious in hindsight. Adding security later is often awkward and sometimes impossible.