Top 5 common cyber security myths explained

Haroon Malik

March 25, 2021

As an advisor and consultant specialising in cyber security, I have come across many cyber security myths over the years! Here are 5 of the most common myths I have encountered and what I really think about them as a seasoned cyber vet.

Myth 1: "We have the best tech and tools and therefore we know we are secure"

BUSTED: Some of the most well-known cyber-attacks to date were targeted at organisations that had the best tools and technology!

Cyber security is as much about people and culture as it is about technology.

Myth 2: "We are not a target for attacks because we are a very small company"

BUSTED: Cyber-attacks on SMEs have increased massively over the past 5 years. Small businesses can be a treasure trove for hackers and cybercriminals.

In fact, many SMEs have gone out of business within 6 months of a major cyber-attack. Size does not matter to a hacker!

Myth 3: "Security is the responsibility of our IT Team"

BUSTED: Cyber security has moved from the server room into the boardroom because cyber-attacks increasingly affect much more than technology - they can damage brand, reputation and customer trust.

Everyone in an organisation has a responsibility to contribute to keeping data safe and secure - not just the IT team!

Myth 4: "We are compliant with ISO27001 which means we are fully secure"

Sooo BUSTED: Adherence to regulations and/or frameworks is a big step towards cyber preparedness. However, it does not guarantee data security (even if the framework is ISO 27001!). Organisations need to take a risk-based approach so that they capture the risks that are pertinent to their own organisation, which may not be addressed by the compliance framework at all.

As we always say here at 6clicks: Compliance Is Not Resilience (Though it Should Be)

Myth 5: "Our staff understand the nature of cyber threats because they completed the annual training course"

LOL BUSTED: A cyber resilient organisation is one that places emphasis on changing mindsets and culture.

Remember, Culture = Values + Behaviour.

Yes, the annual training is a plus, but it is often treated as a tick-box exercise that has very limited impact on people's behaviour and mindsets.

As cyber-attacks increase in frequency and impact, it is important to understand that every organisation, big or small, is always a potential target. This is not a case of if, but when.