Five Cyber Security Questions Keeping Business Leaders Awake

Five Cyber Security Questions Keeping Business Leaders Awake

Business leaders are seeking clearer, more practical guidance on cyber risk, according to Wavenet, which has highlighted five of the most common security questions raised during its recent online forum: Cyber Security in Action.

The discussion, which assembled frontline security resilience experts from across the country, explored the issues troubling organisations – from why cyber attacks still succeed and how to improve staff awareness, to the growing impact of AI and what effective cyber resilience looks like in practice.

While cyber threats continue to change, the discussion showed that many business leaders are looking for clear, practical answers rather than technical complexity. Among the most relevant takeaways, regardless of sector or size, were these five questions:

1. Why do so many cyber attacks still succeed? Because attackers often do not need sophisticated methods. Many of the most damaging incidents still begin with weak or reused passwords, phishing emails, or systems that have not been patched quickly enough. The lesson for businesses is that getting the basics right still goes a long way.
2. How can we make staff take cyber security more seriously? Awareness training often falls flat when it feels generic or overly technical. The forum highlighted that it is more effective when it is short, practical and clearly tied to everyday working life. Real-world examples, phishing simulations and interactive formats can help turn cyber security from a box-ticking exercise into a shared responsibility.
3. Should businesses be moving towards ‘passwordless’ security? Where practical, yes. Approaches such as biometrics and hardware security keys can reduce the risks associated with traditional passwords. But the wider point is about strengthening identity and access controls in ways that are realistic for each organisation, rather than blithely chasing trends.
4. Is AI shifting the balance in favour of attackers? AI is changing the picture on both sides. Criminals are using it to create more convincing phishing emails and fake content, while defenders are using it to improve detection and response. The bigger issue for leadership teams is governance: having clear rules around how AI tools are used; what data can be shared; and where accountability sits.
5. What does good cyber resilience actually look like? Prevention cannot be the sole focus. Good cyber resilience is also about being able to recover quickly when something goes wrong. That means having backups that are protected from tampering, keeping critical systems updated, and making sure incident response plans are not sitting untested on a shelf.

Paul Colwell, CISO for Wavenet, says: “The strongest message from our recent forum was that good cyber security often comes back to the basics: better habits; clearer policies; and stronger organisational resilience.

“Business leaders don’t need scare stories – this much was clear from the event. What they do need is clarity. The most effective cases we’ve seen are where organisations focus on practical action. This means improving the basics, engaging their people, and making sure cyber security is treated as a business-critical issue, not just an IT one.”

The five questions formed part of a wider discussion during the forum, which revealed 10 common challenges facing organisations today. To read the full list of 10 questions and expert insights, visit the Wavenet website.