[Reading time: 26 seconds]

Despite all of the media reports about cyber attacks, it’s interesting how so many firms continue to be victims of unsophisticated attacks.

I wonder is it because many of us are sub-consciously assuming that past performance is a reliable indicator of future returns?

In other words, does the fact that “we have never been attacked before” lead us to assume that “we won’t be attacked in the future”?


As we are frequently told, past performance is not an indicator of future returns.

If a firm is not investing in assessing and improving its cyber security defences, it’s gambling that its luck in the past will not run out in the future.

If the executive team and the Board of the firm are comfortable with this gamble, then that’s their decision (for which they will be reap the rewards or suffer the consequences).

But if they are misinterpreting this gamble as a shred business move, they are only fooling themselves.

So what?

If you are not investing time or money in assessing and improving your cyber security defences, you need to recognise that you are gambling your future on your past luck.

Perhaps the gamble will continue to succeed.

But are you really comfortable with the bet?


(* PS By this time next week, you could know whether you are gambling with your firm’s future. Find out more here.)