Ask yourself this question: Who's responsible for your cybersecurity? You or your IT provider? Do you expect, that since you have outsourced your IT to an IT company, that you won't have a security incident? If so, you may have set very unrealistic expectations.
Many of the companies I meet don't realise that they are responsible for their security posture. Our role, as an IT provider, is to educate the customer on the best decisions to make when improving their security posture. And then deliver on the part that we are actually responsible for.
I speak to 3 or 4 companies a week, and I often ask “Do you have cyber insurance cover?” Typically, between 75 and 85 percent of that audience responds with a resounding “no.”
This is a huge red flag! There isn't a scenario where the IT provider has a shared-risk relationship with the customer and does not talk to them about their cybersecurity insurance, say. Not having these kinds of conversations is a bigger risk than the actual risk of breach.
A lot has changed in the last few years around the threat from Cyber Breaches, and as a company you need to understand that you are on a security journey. Or another way to think of it is that it's a lifestyle change.
Whether you like it or not, it's happening and we are your guide. We can't absolve you of risk. Just help you manage it effectively. You need to assume at some point that you will be breached, and that you need to work with your IT provider what to do when you are.
As a business leader you need to know the risks, build a plan to mitigate them and execute it with your IT provider. Don't be afraid to discuss the risks with them, use it as a way to forge a stronger business relationship.