While there are well documented shortages in technical security capability, in my view the real problems arise from gaps in corporate governance. 

A conversation I occasionally get drawn into with others in the security industry is what does cyber mean and how should we define it?  I've met plenty of individuals who want to define it more narrowly in order to make their job manageable; which I understand but ultimately disagree with.

Having studied language a long time ago I tend to think its more important to look at how a word is used.  Currently for "cyber" that means any form of operational risk that touches electronic data.

We need to match our practice to that expectation.