Cyber is Sexy. Managing Risk Isn't.

Someone (the cybersecurity industry, the media, or who knows who) got this cybersecurity cliché going, and it's manipulating how people think about cybersecurity. Business owners keep getting pitched "cybersecurity solutions" and bombarded with cyber acronyms that leave them feeling like they don't get it. There's something deeply wrong here.

Could it be that all the cyber talk is just a marketing tactic to get people to spend more money on shiny objects that promise to "keep them safe"? Like the "app" I shall not name that someone is pitching as "eliminating" cyber risk?

Could it be that cybersecurity is just a "sexy" marketing term for... are you ready... managing risk?

It's such a boring, scary, and unpleasant subject, I know.

And yet, at the end of the day, cyber, or information security, is all about managing risk as it relates to data, hardware, software, and ultimately and most importantly, people. If any risk related to any technology didn't affect people, would it even matter? Of course not.

So the reality is that someone, not only something, will always be the victim of cybercrime. Compliance is what some regulatory body tells you to do about preventing the crime. Security is what you need to do to prevent the crime or to limit the risk to an acceptable level.

With that, here are the real questions people should be asking themselves:

• What and where are my assets?

• How much risk are they exposed to?

• How is this risk managed?

• Who is accountable for managing it?

Now, that's the right way to start a real, marketing-language-free conversation about information security.

George