A Cyber Rethink

It was a phishing attack.

It targeted only financial institutions.

It was a ransomware attack.

It spread without regard for collateral damage.

15-20% of the IT budget

1-2% of the IT budget

Over 20% of the IT budget

6-8% of the IT budget

A leaking bucket

A credit card bill

A ticking clock

A broken bridge

The Board of Directors

The CEO

The CFO

The CTO

It focuses solely on financial risks.

It provides both embedded and independent perspectives.

It reduces the need for cybersecurity training.

It eliminates the need for external audits.

Number of software licenses

Amount of data stored

Number of major incidents

Number of employees

As sensors

As security experts

As passive observers

As potential threats

Too few regulations

Lack of international cooperation

Excessive funding

Overly simplified regulations

They are unnecessary.

They are often inconsistent.

They are standardized across industries.

They are only needed for large companies.

It should be avoided at all costs.

It is only suitable for small companies.

It can be effective if done carefully.

It is not allowed by regulations.