Lovejoy: Cyber security is a risk management process. This allows an organisation to identify, protect against, withstand and recover from cyber attacks, which can impact business operations and data.

It said such risk is intensified when a business does not patch a device or revisit the operating system version for the duration of its lifetime, which NTT said many do not do.

We need to be good at risk, and good at explaining it. Where organisations hit the headlines as a result of uncontrolled information security risks, there is an inevitable blame storm.