When dealing with the executives of various organizations, the following three myths about cybersecurity often arise. It is necessary to understand why they are incorrect.
1. Cybersecurity is complex and incomprehensible.
You don't need to be an expert to make informed cybersecurity decisions. Just as you make common security decisions (e.g. turning on the alarm), an informed approach based on the expertise of internal and external ICT specialists is sufficient in cyber security at the beginning.
2. Sophisticated cyber-attacks can't be stopped.
A methodical approach and even minor improvements will dramatically reduce the risk. Most attacks use known techniques (e.g., phishing) that can be defended. Sophisticated attacks are rather rare. Even the most advanced attacks start with the simplest methods.
3. Targeted cyber-attacks do not concern us.
Most attacks are untargeted, and attackers try to exploit weaknesses in systems regardless of their owner. The effects can be just as severe as targeted attacks. If you're online, you're at risk. Untargeted attacks will persist because every organization has value to attackers (e.g., ransomware).