We’ve come to the end of the cyber security journey. In my previous blogs, I’ve explored the trials and tribulations — as well as the positives — of the previous four stages: ‘Denial’, ‘Worry’, ‘False confidence’ and ‘Hard lessons’.
Not every organisation will have completed the entire journey. Perhaps you dodged Denial and went straight to Worry. But whichever stage you started on, the ending will be the same — achieving what our report called: ‘True leadership’.
When you reach the True leadership stage of your cyber security journey, you’re bringing all the lessons you learned on the way — and using that experience to reach a new, better way of thinking about cyber security.
Our research found that when organisations reached the True leadership phase, they all showed similar tendencies.
True leaders recognise the fact that the cyber threat is in a constant state of change. And that, to keep up, their organisation needs a security stance that’s both strong and flexible. Strong enough to deal with known threats and flexible enough to bend to meet unknown risks.
The final stage of the journey is where organisations learn that, to be truly secure, they need to work with their peers to create a community, unified against cyber criminals. They need to share security information, in order to receive security information. And they need to remember to do it before an attack — as you can’t build confidence with another organisation when you’re in the midst of dealing with a breach.
What really sets true leaders apart, is their ability to think differently about cyber security. They don’t see cyber as a separate, isolated risk. They see it for what it is: an integral part of the organisation that is both a potential risk to the entire operation, but equally a possible driver of business success.
If you’re lucky, your organisation will already be at, or at least near, this final stage. If not, don’t panic. Take a look at my previous blogs about the first four stages, and use them to propel your organisation further along the journey.
The question then is: where do we go from here?
Well, I think it’s important to figure out the risk you actually face. That’s why, in my next blog, I’ll look at the three ‘zones of cyber risk’. These zones, identified in our report, will help you figure out exactly which kind of risk your organisation needs to look out for, and how.
So stay tuned.