Our data is valuable, even if we can’t specify exactly what our personal data is worth. It is undisputable that the value of data in our digital world is growing day by day (IP, Customer Data, etc.). This data has a significant value for cyber criminals and it is indeed a badly hidden secret that the loss of critical data will cause massive damage for companies. Nowadays data has to be available 24/7 and, if we can’t access and work with our information because hackers encrypt entire server farms or conduct massive DDOS attacks, an entire company is paralyzed. The real value of our information is highly visible – critical data access is in fact priceless! Our economy is on the drip of the data stream.

Nevertheless, a lot of companies still seem to be very hesitant to respond to the ubiquitous threats. Investments in modern and state of the art security solutions will be postponed until something disruptive happens. The commercial threat is quite often underestimated and the realization of the detailed impact of a data loss will be only transparent after a successful cyberattack. 

In past centuries, fires have been a devastating threat to our cities and villages. Mankind has learnt and improved its fire protection techniques step by step – not using wooden buildings, avoiding wooden walkways, defining a minimum distance between the houses, having hydrants spread across the cities, proactive fire detection systems, etc. Nowadays, we are very mature to avoid, detect and respond to the fire threats. Cybersecurity strategies have to mature as well. We can learn from our brave firefighters - but we need to embrace the change and throw some of our established ways to run security away. Understanding the threats and risks for the business and designing the cybersecurity strategy to cope with them – even if it requires some disruptive changes.

In the light of the overall explosiveness, companies should normally undertake all imaginable efforts to protect their critical data – normally. In reality only one out of four top decision makers consider their data to be secure and 65% expect a successful breach with significant impact on reputation and commercial performance.

Cybersecurity is on the boardroom agenda but, until real damage happens, it is hard to assign the necessary budgets to improve the end to end security strategy. Of course, security is vital for a company but, even while this rational has been embraced by many, there is still some level of denial – “it will impact others first, we are not the primary target of cyber criminals”.

Relying on security principles designed decades ago resulting in a patchwork of security Islands will be not a route to win this critical race. Of course, proactive design of a security strategy requires the budgets assigned before an incident happens!

I don’t want to sing the same song again, but companies have to change their game plan for their cyber security strategy to avoid the “tortoise and the hare” dilemma.