When you look at the government's 10 steps to cybersecurity, the thing that really stands out throughout that matrix is actually board level responsibilities and risk management. So ultimately the board need to take responsibility for this issue within an organisation. What we found actually increasing over the last 12 months is a lot more awareness and education sessions which are being run at the board level. So really getting that message across at the top first, hopefully then filters down the organisation.
Education is extremely important as part of a cyber strategy. Making sure that your user base and your workforce know what to do in the event of a breach, being able to identify one, report one and deal with an incident process, extremely important. What we see is that organisations that have a very well educated workforce that have policies and procedures and regular training processes in place will be much better placed when it does come to managing an incident and being able to deal with it and more importantly contain it. On the flip side where users haven't been educated those organisations really struggle to deal with the major incident process and that's really what can be the downfall of a business.