
Top 5 common cyber security myths explained

Haroon Malik Mar 25, 2021

As an advisor and consultant specialising in cyber security, I have come across many cyber security myths over the years! Here are 5 of the most common myths I have encountered and what I really think about them as a seasoned cyber vet.


Myth 1: "We have the best tech and tools and therefore we know we are secure"

BUSTED: Some of the most well-known cyber-attacks to date were targeted at organisations that had the best tools and technology!

Cyber Security is as much about people and culture as it is about technology. 


Myth 2: "We are not a target for attacks because we are a very small company"

BUSTED: Cyber-attacks on SMEs have increased massively over the past 5 years. Small businesses can be a treasure trove for hackers and cybercriminals.

In fact, many SMEs have closed down within 6 months of a major cyber-attack. Size does not matter to a hacker!


Myth 3: "Security is the responsibility of our IT Team"

BUSTED: Cyber Security has moved from the server-room and into the boardroom because cyber-attacks are increasingly impacting much more than technology - they can impact brand, reputation and customer trust.

Everyone in an organisation has a responsibility to contribute to keeping data safe and secure - not just the IT team!


Myth 4: "We are compliant with ISO27001 which means we are fully secure" 

Sooo BUSTED: Adherence to and compliance with regulations and/or frameworks is a big step towards cyber preparedness. However, this does not guarantee data security (even if it is ISO 27001!). Organisations need to take a risk-based approach so that they can capture the risks that are pertinent to their organisation and that may not be addressed in the regulatory compliance framework.

As we always say here at 6clicks: Compliance Is Not Resilience (Though it Should Be)


Myth 5: "Our staff understand the nature of cyber threats because they completed the annual training course"

LOL BUSTED: A cyber resilient organisation is one that places emphasis on changing mindsets and culture.

Remember, Culture = Values + Behaviour.

Yes, the annual training is a plus, though it can sometimes be seen as a tick-box exercise that has very limited impact on people's behaviour and mindsets.


As cyber-attacks increase in frequency and impact, it is important to understand that every organisation, big or small, is always a potential target for cyber-attacks. This is not a case of if, but when.

