A recent article in the McKinsey Quarterly gave some interesting insights. "Meeting the cybersecurity challenge" shows that more sophisticated attackers are only one of several reasons for the increased threat. Other reasons are more based on how the nature of the business has evolved with employees expecting flexible access, suppliers and customers being more closely interlinked in supply chain processes, and companies forced to venture out from behind their firewalls to earn their money online.

Therefore, the solution of the problem cannot be expected to come from the IT specialists alone. There are business decisions to be made, e.g. classifying data to see, where the most critical information sits and focus the main efforts there.

We also observed that a paradigm shift is required in many organisations to change data security from being perceived as a purely technical problem to a business problem to be addressed on various levels. Many of the recent high profile security disasters were owed to behavioural rather than technical problems. Whilst security technology is to play a key role and needs to be driven forward, we believe awareness of information security needs to become part of the culture of an organisation - and with probably the majority of CxOs giving away passwords to their PAs or others, there is a long way to go...