Cybersecurity is in a state of emergency. Attacks are increasing in scale, frequency, and sophistication, yet organizations still struggle to take decisive action.
Instead of confronting threats head-on, many hide behind outdated notions of “risk management,” a term that has become a crutch and an excuse for inaction.
The word “risk” gives organizations the wrong idea and the false belief that cyber threats can be categorized and controlled.
Organizations must realize that cyber threats aren’t just hypothetical risks, but immediate dangers that must be treated with urgency. And they’re costing businesses dearly. Research from the Ponemon Institute found that 58% of organizations had to shut down operations following a ransomware attack, up from 45% in 2021.
The problem is that the idea of risk makes it seem as though cyber threats can be calculated and assessed by analysts in ivory towers. In reality, cybercriminals don’t work from actuarial tables, nor do they care about probabilities.
They act. And they win. And they won’t change their behavior until we change ours.
I’m all too familiar with successfully changing the debate in cybersecurity, having…