Cybersecurity is still not taken as seriously as it should be, and is simply not embedded into the
UK's boardroom thinking,
Cybersecurity is a cost, it does not generate money and cost are bad, bean-counters and shareholders don't like that. This is only when a disaster occurs that they begin to think about it, and then throw a lot in money in PR to claim they take security and customers' privacy very seriously. Till next time.
Today's tendency is to get rid of internal IT and push everything in the almighty and magical cloud to change CAPEX in OPEX, delegating the responsibility, so the C-suite believes. It's well known that underpaid and overworking contractors would be more efficient than in-house IT, right?
If bean-counters and shareholders could get rid of fire alarms, security exit and generally anything related to physical security, they would gladly do it to save a few bucks. Regulation and law enforcement is the only thing that prevent them to do it. GDPR is a first step in the good direction.