5 Mistakes Companies Will Make This Year With Cybersecurity

Cybersecurity is increasingly becoming a business priority. This is because it’s becoming more and more apparent how damaging a data breach, ransomware attack or other cyber threat can be to the bottom line.

It’s great to see that, at least compared to five years or so back, most companies understand the need to take it seriously,

But treating cybersecurity as the business-wide strategic objective that is clearly should be is still new to many. Working with companies of all shapes and sizes, I’m frequently exposed to the common miss-steps and pitfalls that can too easily trip them up.

So here are the five most important mistakes companies will make, as well as some tips on avoiding them.

Ignoring The Role Of AI In Cybersecurity

Artificial intelligence is changing the game when it comes to cyber-attacks and cyber defense. Increasingly, criminals are able to use commonly available tools to launch sophisticated phishing scams, going as far as digitally replicating faces and voices in order to trick security systems. They can also use AI-powered networking attacks that adapt in real-time to evade security systems.

Fortunately, businesses can use AI themselves, too, to counter AI attacks. AI-based monitoring, detection of anomalous network activity, and automated defense systems should be included in every business's cybersecurity tool kit. And security strategies and playbooks should be frequently updated in response to newly emerging threats.

Not Having An Incident Response Plan In Place

When a cyberattack hits a company that has no clear response plan in place, the result is inevitably chaos. For many years, businesses have neglected to do this and may well have gotten away with it, as the chances of being targeted by attackers were slim. Today, that's a luxury we can't afford, as attacks become more frequent, sophisticated and costly.

Ransom payments, legal fees, fines for data breaches and reputational harm can bring a business down. But these risks can all be mitigated with a response plan, so when disaster strikes, everyone at least knows how to minimize the damage and get the show back on the road.

An Underprepared Workforce

With the proliferation of social networking attacks, unaware and undertrained employees are often the weakest link in the chain. So it's no surprise that they are frequent targets. AI-powered phishing attacks and deepfakes are all very new threats, so we can’t expect that everyone is going to be wise to them unless they’re trained.

Continuous, ongoing implementation of cybersecurity training is essential, not just for staff with direct access to critical backend systems but for anyone who might be vulnerable to unwittingly providing backdoor access. Employers can conduct simulated phishing tests to measure the level of awareness across a workforce and provide workshops where staff are updated on new threats as they emerge.

Underestimating Insider Threats

It's often easy for businesses to focus on preventing outsiders from getting access to their systems, overlooking the fact that 60 percent of data breaches are caused by insider threats. This can be both deliberate or accidental, with both disgruntled and negligent employees posing their own set of threats.

Commonly, this is caused by a lack of internal security controls, which creates opportunities for those looking to profit from sabotage or data theft. Insiders are often undetected by systems designed to spot threats from outside, and they are capable of evading internal checks. Rigorous access controls, as well as monitoring to understand who is accessing data and what they are doing with it, is part of the solution. Another is raising awareness of steps everyone should take to ensure they don’t accidentally become a threat.

Failing To Instill A Company-Wide Culture Of Cyber Preparedness

For many years, cybersecurity has been seen as the responsibility of IT teams. The reality is that everyone in an organization today has a crucial part to play in protecting it from attack.

Instilling a cyber-prepared culture involves integrating cyber security into every aspect of daily operations. This means that security best practices should be actively promoted by leaders and should be a critical part of employee onboarding and ongoing certification. Channels should be in place for reporting suspicious activity without fear of reprimand or overstepping boundaries. The key is to communicate the message that cybersecurity is a shared responsibility and not something that should be left to IT or technical staff to sort out.

Mitigating Cyber Business Risks In 2025 And Beyond

Being aware of these pitfalls and understanding the basic steps businesses should take to avoid them is the first step to building resilience to cyber threats. Make no mistake, as business and society as a whole become increasingly digitized and connected, the risks posed by hackers, phishers, and scammers, not forgetting good old-fashioned ignorance, are only going to grow.

Adopting cybersecurity-first best practices, training staff to be aware of the risks, and putting a resilient incident response plan in place should be top priorities for every business today.