Boardroom vs breach: 20 questions every IT leader should be asking about cyber security

04/07/25 Wavenet
Boardroom vs breach: 20 questions every IT leader should be asking about cyber security placeholder thumbnail

Cyber threats are evolving faster than most organisations can keep up.

Between new attack techniques, expanding digital estates, and the cyber skills shortage, even well-equipped IT teams are struggling to stay ahead.

It’s no longer enough to tick compliance boxes or to simply deploy the latest tools. Real security starts with asking the right questions and acting on the answers.

That’s why we’ve created Boardroom vs Breach, a 20-question self-assessment designed to help IT leaders and those responsible for cyber-security take a clear-eyed look at your current security posture, highlight blind spots, and spark critical conversations at board level.

Why this matters

The cost of a cyber breach isn’t just downtime – it’s trust, reputation, compliance fines, and lost revenue. Yet many companies don’t know if their defences are actually up to the task – do you?

These 20 questions aren’t about theory; they reflect real-world weak points that we see every day. If you can’t answer them confidently, we can help.

The 20 questions you need to answer

Visibility & monitoring

  1. Do you have complete visibility of your IT assets?
  2. What visibility do you have into incidents and events across your infrastructure?
  3. How do you manage your security tooling?
  4. How many different tools are you running — and are they working together?
  5. Are your systems and endpoints patched regularly?

Our advice: Gaining complete visibility starts with consolidating event data, automating alerts, and ensuring continuous oversight across your entire estate.

Take a look at:

Threat detection & response

  1. What happens if an incident occurs after hours? How do you find out? Who responds?
  2. When was your last penetration test? How regularly do you conduct them?
  3. What protections are in place for endpoints, email, and networks?
  4. What level of visibility do you have into potential breaches?
  5. Do you work with a partner that offers 24/7/365 response and real-world support?

Our advice: Improve threat visibility and reduce response times by combining real-time monitoring with expert-led incident analysis and containment.

Take a look at:

Cloud & modern IT risk

  1. Do you use public cloud services?
  2. Are you confident in how they’re secured?
  3. How do you manage and secure user devices remotely?
  4. What vendors are you currently relying on — and are they right for your risk profile?
  5. How do you secure your network beyond the firewall?

Our advice: Extend visibility beyond the traditional perimeter by applying cloud-native monitoring, endpoint telemetry, and policy-based access control.

Take a look at:

People, process & planning

  1. How are your users trained to detect attacks such as phishing?
  2. Do you have access to expert help in a crisis? What cyber expertise exists in-house — is there a dedicated security leader?
  3. How do you create a positive security culture, not just rules?
  4. What threats are most relevant to your industry?
  5. Are you meeting required regulations and compliance standards?

Our advice: Build better situational awareness by aligning people and processes with continuous monitoring and clearly defined escalation paths.

Take a look at:

And a bonus question, with potentially the most worrying answer of all…

What would a breach cost your business — financially and operationally?

Putting it all together

While individual solutions can address specific security challenges, working with a trusted managed services and security partner ensures cohesive, round-the-clock support across every aspect of your cyber security posture — delivering greater efficiency, resilience, and long-term value.

We work with IT and security leaders across all sectors to assess risk, build resilient cyber strategies, and deliver comprehensive protection that scales with your business.

From real-world penetration testing to 24/7/365 threat detection, cloud security, and expert consultancy, we’re your trusted partner in securing the ‘now’ — and preparing for what’s next.

 

Don’t wait for a breach to find your weak spot. Find out more about our cyber security services.

Cyber security services Talk to us

Cyber Security, MDR, Threat detection, EDR, Incident Response, CyberGuard, Blogs, SIEM, Vulnerability Management, SAE

Latest blogs

See all posts
Microsoft EA Volume
Microsoft is removing EA volume discounts - what you need to know

Upcoming changes to Microsoft Volume Licensing discounts - effective 1st November 2025

Read more
MDR in cyber security
What is MDR in cyber security?

In the face of constantly evolving cyber threats, relying solely on traditional defences like firewalls and anti-virus is no longer enough. Today’s cyber landscape demands proactive detection, rapid response, and continuous oversight. This is where Managed Detection and Response (MDR) comes into play: a modern approach that empowers businesses to stay one step ahead of cyber threats - even when internal resources are stretched thin.

Read more
Placeholder thumbnail
Podcast: unpacking the evolving challenges and decisions surrounding public cloud strategy

Sharing expert insight into public cloud strategy... In the latest episode of Asanti's “In Conversation With” podcast, Asanti’s Emma Lauchlan speaks with Chris Talliss, Director of Cloud, Data and Apps at Wavenet, to unpack the evolving challenges and decisions surrounding public cloud strategy.

Read more
Microsoft 365 e3 vs e5
Microsoft 365 E3 vs E5 – what’s the difference for your business?

Choosing the right Microsoft 365 licence can make all the difference – from managing costs to ensuring security and compliance. Here’s a side-by-side comparison of the two enterprise plans, so you can decide what works best for your organisation.

Read more
Placeholder thumbnail
Webinar - Wavenet and Mitel’s vision for 2025 & beyond

Webinar summary: future-proofing business communications with Mitel & Wavenet As communication continues to evolve, choosing the right partner is essential. This exclusive webinar, hosted by Wavenet in partnership with Mitel, featured Stuart Aldridge (UK Head of Mitel), Emma Westland (Strategic Director at Zoom) and Barry Ward (Product Director at Wavenet), delivering a forward-looking session focused on the future of unified communications (UC) for Mitel, Zoom and Wavenet.

Read more
A happy house tenant is using an app on her phone to report a home issue to her housing provider
From risk to resolution: how Active Assessor helps you stay ahead of Awaab's Law

What does Awaab's Law mean and why does it matter? Damp and mould aren’t just inconvenient maintenance problems - they’re serious risks to tenant health, regulatory compliance, and the reputation of housing providers. Nearly 1 in 7 social homes in England failed to meet the Decent Homes Standard in 2023¹. On top of that, the NHS is estimated to spend £1.4 billion a year treating health issues related to cold, damp housing². And yet, more than half of tenants experiencing condensation, damp or mould don’t report it. Often, they don’t recognise the early signs, or they simply don’t believe they’ll be taken seriously. This silence leaves landlords in the dark and turns small, fixable issues into expensive, high-risk problems. From October, social landlords will be legally required to fix emergency hazards within 24 hours and investigate and repair dangerous damp and mould within set timeframes, under new legislation known as Awaab’s Law. Introduced in memory of two-year-old Awaab Ishak, who tragically died in 2020 after prolonged exposure to mould in his social housing, the law represents a major step toward improving housing safety and quality. It allows tenants to take legal action if landlords fail to comply and will be rolled out in phases, beginning with damp and mould, to ensure effective implementation. This approach aims to deliver meaningful, lasting change while honouring the efforts of Awaab’s family to secure justice. Awaab’s Law also supports the government’s broader plan for change, which includes a commitment to building 1.5 million new homes and delivering the biggest improvement to social and affordable housing in a generation. The challenge: strained teams & outdated systems Most housing providers care deeply about tenant safety. The problem isn’t willingness—it’s capacity. Maintenance teams, IT departments, and customer contact centres are already stretched thin. Spotting early-stage issues requires tools they simply don’t have. Traditional, manual inspections are expensive and slow. Reactive workflows leave little room to get ahead of problems. And despite growing demand for proactive service, only 13% of customers actually receive it. The systems many teams rely on today are fragmented, outdated, and not fit for the pressures of a post-Awaab world. The solution: Active Assessor by 8x8

Read more

Stay service-savvy

Get all the latest news and insights straight to your inbox.