Global cyberattacks like WannaCry and NotPetya have bumped cyber risk firmly to the top of C-suites’ agendas. Even with this increased attention, businesses are still grossly underestimating their exposure, particularly because the attacks happening now are only the tip of the iceberg. The disruption to businesses’ growth, competitiveness, operations and existence is already playing out – and will dramatically increase in the near future. Cyber risk threatens the viability of all organizations; no CEO should be under an illusion about the implications to their business. Nonetheless, a huge proportion of executives are not translating this attention into implementation of the right people, processes and technology to protect their companies.