The truth is that in today’s hyperconnected world, maturity-based cybersecurity programs are no longer adequate for combatting cyberrisks. A more strategic, risk-based approach is imperative for effective and efficient risk management (Exhibit 2).

The answer, I believe, lies in fostering a strong cybersecurity culture within organisations. It’s not enough to simply implement technical solutions and hope for the best; we must fundamentally change the way we think about and approach cybersecurity. This means embedding security into every aspect of an organisation’s operations, from the

Companies' cultures need to change. You need to become concerned about every new piece of software, every new connection and every new piece of data -- whether or not you're required by law to care. If some piece of software doesn't contribute to your core business, don't allow it. If some new Internet-connected service isn't part of your mission,