While there are well documented shortages in technical security capability, in my view the real problems arise from gaps in corporate governance.
A conversation I occasionally get drawn into with others in the security industry is what does cyber mean and how should we define it? I've met plenty of individuals who want to define it more narrowly in order to make their job manageable; which I understand but ultimately disagree with.
Having studied language a long time ago I tend to think its more important to look at how a word is used. Currently for "cyber" that means any form of operational risk that touches electronic data.
We need to match our practice to that expectation.
"This shows the extent of social engineering and how the internet can be used to defraud businesses," the IoD said, "Along with false house purchase completion requests for solicitors this is truly alarming. This is why human interaction with technology needs to be failsafe and why cyber is becoming a largely human problem."