BT cyber attack

The Path from Denial to True Leadership Is a Challenging One

Cyber attacks are such an ever-rising threat that the UK’s National Crime Unit reports their number surpassed the nation’s “traditional crime” as of July 2016. Importantly, cyber threats don’t always deal with sophisticated technology: sometimes, attackers simply exploit one of a typical organization’s many cyber weaknesses. To stay ahead of cyber criminals, it’s helpful for senior management and board members to understand what BT Security and KPMG call the “five stages of the cybersecurity journey” in their white paper, Securing the Digital Enterprise: The Cyber Security Journey, from Denial to Opportunity. Those stages are: denial, worry, false confidence, hard lessons, and true leadership.

Denial: Cybercrime isn’t always obvious or visible, so it’s easy to think “it won’t happen to me.” But it has no boundaries, making no region, organization, or industry bulletproof. It’s vital that all businesses begin raising awareness to ensure that everyone—not just IT—holds themselves responsible for cybersecurity.

Worry: When you realize how often cyber-attacks occur, it’s normal to worry and begin seeking security tools and solutions. But remember: Technology isn’t the cure-all. It’s when technology is combined with people and processes that organizations stand a chance against bad actors. People are the glue, filling in the gaps the technology can’t reach, and vice versa. Investing in both technology and people can be financially daunting, of course, so start small. From an ROI perspective, consider getting the basics right before focusing on high-value assets.

False Confidence: With a set plan, an educated team, and a balance of people, process, and technology, you have every right to feel confident. But sophisticated hacking techniques can catch you off guard, so it’s essential to avoid resting on your laurels. Instead, while your business’s security tactics are on the upswing, remind yourself and your team that cybersecurity isn’t about “setting it and forgetting it.” It’s an active process. Remember: criminals are always evolving, so you must too!

Hard Lessons: Now that you’ve built a solid foundation, what’s next? Ask the big questions and prepare to face some hard facts. Consider this: what if a hacker locks your computers, holds them hostage, and demands bitcoins as ransom? Do you pay it? If you don’t pay, how long can your business keep running? Instead of saying, “that won’t happen to me,” it’s critical to break from routine and think about such surprise scenarios. Prepare contingency plans so you and your entire business are ready to deal with worst-case situations.

True Leadership: Once you’re ready to react under any circumstance, the role of true leadership comes into play. It’s in the hands of your C-level executives to change the paradigm and start thinking about cybersecurity as a key aspect of all business initiatives rather than as a separate—and costly—issue. Leading by example emphasizes the importance of security measures and inspires others to follow. Don’t just talk the talk, walk the walk. Regularly review strategies, keep systems updated, and recognize that people are at the heart of security.


Successful cybersecurity is active and dynamic, not passive—it’s not about putting up a fence and walking away. Technology is rapidly changing, and threats are changing along with it, so it’s critical to know how to respond and stay ahead of the curve by emphasizing the importance of people in the process, instead of relying only on technology. To be able to defend yourself more effectively, ask the hard questions, accept that the worst can happen, and be a leader in your community.

To download a copy of the report (simple registration required) click here.