I hope that by now, you realize that in the best of cases, a cyber attack is annoying. In the worst of cases, it can totally disrupt the way governments and companies run their day-to-day operations. Overall, cybersecurity is estimated to be a $50 billion problem. And some predict this figure could rise to $6 trillion by 2021. Not surprisingly, companies invest more and more money in cybersecurity solutions. Therefore, the IT security market is growing at 10% per annum. But this is not keeping up with the number of threats that is roughly doubling each year. This is again a typical mismatch between an exponential growth of technology and a linear growth of our business reaction. Businesses always underestimate the risks. I hear many times answers like, I don't have any high value data that will attract hackers, or I don't rely that much on IT. To help get us all out of this illusion, let me share with you an interesting story, the story of Stuxnet. Stuxnet was a malware designed to access computers in a nuclear plant. It had the ability to replicate itself in any device that it infects and any devices connected to it. Nuclear plants have rather a well isolated system. But the bit was that someday, somewhere, some employee will unplug his USB stick from his infected home computer and use it inside the plant, which ended up happening around 2010. The malware then gained access to the plant machinery and compromised the functioning of uranium enrichment process. So if you meet a business owner that tells you cybersecurity is not a worry for his business, you know what to say. This last example also reveals one of the forgotten sides of cybersecurity. This was not a pure technology failure. We can safely assume that a nuclear plant has a sophisticated cybersecurity software in place. But it probably didn't account for an employee using the wrong USB stick in the wrong place. And this is something that is seen across industries. Although inadequate technology accounts only for 28% of data losses, many organizations would focus on it and neglect the people part. The diligent implementation, the awareness of risky behaviors, the auditing process, the governance. This has to do with the fact that in many organizations, top executives and board members still believe that cybersecurity is an IT issue. Sustainably addressing cyber risk requires an organization-wide approach, probably even coordinations with the broader ecosystem. Boards and senior management need to be aware of the risk and prepare for it. Because it's likely not a question of if, but when the company will be target for cybercrime. So what are the main takeaways from this lesson? There are many different types of cybersecurity breaches. They are fragmented, change over time, and are often used in combination. Cyberattacks are fast growing risk for individuals, businesses, and governments causing both financial and reputation harm. Spending on cybersecurity is growing 10 times slower than the number of attacks, leaving many targets more vulnerable to the new more sophisticated attacks. To build cyber resilience, getting the people part is critical. Remember, having the wrong technology tools only accounts for having 28% of the breaches.