Blog · 24 Oct 2017

Your cyber security journey: Stage two - 'Worry'

Join Mark Hughes, President of Security at BT, as he continues the exploration of your cyber security journey. This time looking at stage two - 'Worry'.

Former president of BT Security

Worried about your security?

In my last blog I looked at the first stage in the cyber security journey — ‘Denial’; at how many organisations just can’t see themselves as a potential target — and why that’s a dangerous way to think.

But once you’re past ‘Denial’, you get into the next stage: ‘Worry’. And that’s what I’ll look at in this blog.

Worrying is an important part of your cyber security journey. It’s a dangerous stage (for reasons I’ll explain in a moment), but also a necessary part of your cyber evolution. So let’s get stuck into what this stage means to your organisation, and how to move on from it.

Don’t panic

‘Worry’ is the natural progression from ‘Denial’. Once you’re done denying your organisation has cyber security issues, it suddenly hits you — “we need to protect our networks; how can we do it?”.

The really interesting thing about this stage is that the danger isn’t in cyber attacks — it’s in your organisation’s response to the threat.

This is because the antidote to ‘Worry’ is often spending. Some at this stage see technology as a panacea. Others see answers in new policies, governance and standards, or think that maybe hiring a Chief Information Security Officer (CISO) will help. Either way, the response is to throw money at the problem, and hope it goes away.  

The thing is, all of those solutions are legitimate ways of dealing with the cyber threat — but only if used with care and consideration.

Where next?

My advice for getting safely past this stage is this: don’t panic.

The worst thing you can do is think it’s impossible and not bother. The next worst thing is to spend a fortune on security solutions you don’t need.

The best course of action is to think carefully about your current controls, and assess them in comparison to security best practice. Try to understand if the security you have, can protect your most important assets, and attempt to get your current technology and processes to work in harmony. By all means, invest — but invest with care and consideration.

Moving on

With this done, you’ll be prepared to move onto the next stage: ‘False confidence’.

Keep an eye out for my next blog article, where I’ll delve into what that stage means for your organisation and its cyber security.


Related content


Building nation-level defences to fight cyber crime

Read more

Five steps to cyber security leadership

BT image banner
Download full report

Your cyber security journey: Stage three - ‘False confidence’

We’ve gone through stages one and two of the cyber security journey: ‘Denial’ and ‘Worry’. Now, we take a look at the third, and perhaps most difficult, stage…