Boardroom vs breach: 20 questions every IT leader should be asking about cyber security

04/07/25 Wavenet
Boardroom vs breach: 20 questions every IT leader should be asking about cyber security placeholder thumbnail

Cyber threats are evolving faster than most organisations can keep up.

Between new attack techniques, expanding digital estates, and the cyber skills shortage, even well-equipped IT teams are struggling to stay ahead.

It’s no longer enough to tick compliance boxes or to simply deploy the latest tools. Real security starts with asking the right questions and acting on the answers.

That’s why we’ve created Boardroom vs Breach, a 20-question self-assessment designed to help IT leaders and those responsible for cyber-security take a clear-eyed look at your current security posture, highlight blind spots, and spark critical conversations at board level.

Why this matters

The cost of a cyber breach isn’t just downtime – it’s trust, reputation, compliance fines, and lost revenue. Yet many companies don’t know if their defences are actually up to the task – do you?

These 20 questions aren’t about theory; they reflect real-world weak points that we see every day. If you can’t answer them confidently, we can help.

The 20 questions you need to answer

Visibility & monitoring

  1. Do you have complete visibility of your IT assets?
  2. What visibility do you have into incidents and events across your infrastructure?
  3. How do you manage your security tooling?
  4. How many different tools are you running — and are they working together?
  5. Are your systems and endpoints patched regularly?

Our advice: Gaining complete visibility starts with consolidating event data, automating alerts, and ensuring continuous oversight across your entire estate.

Take a look at:

Threat detection & response

  1. What happens if an incident occurs after hours? How do you find out? Who responds?
  2. When was your last penetration test? How regularly do you conduct them?
  3. What protections are in place for endpoints, email, and networks?
  4. What level of visibility do you have into potential breaches?
  5. Do you work with a partner that offers 24/7/365 response and real-world support?

Our advice: Improve threat visibility and reduce response times by combining real-time monitoring with expert-led incident analysis and containment.

Take a look at:

Cloud & modern IT risk

  1. Do you use public cloud services?
  2. Are you confident in how they’re secured?
  3. How do you manage and secure user devices remotely?
  4. What vendors are you currently relying on — and are they right for your risk profile?
  5. How do you secure your network beyond the firewall?

Our advice: Extend visibility beyond the traditional perimeter by applying cloud-native monitoring, endpoint telemetry, and policy-based access control.

Take a look at:

People, process & planning

  1. How are your users trained to detect attacks such as phishing?
  2. Do you have access to expert help in a crisis? What cyber expertise exists in-house — is there a dedicated security leader?
  3. How do you create a positive security culture, not just rules?
  4. What threats are most relevant to your industry?
  5. Are you meeting required regulations and compliance standards?

Our advice: Build better situational awareness by aligning people and processes with continuous monitoring and clearly defined escalation paths.

Take a look at:

And a bonus question, with potentially the most worrying answer of all…

What would a breach cost your business — financially and operationally?

Putting it all together

While individual solutions can address specific security challenges, working with a trusted managed services and security partner ensures cohesive, round-the-clock support across every aspect of your cyber security posture — delivering greater efficiency, resilience, and long-term value.

We work with IT and security leaders across all sectors to assess risk, build resilient cyber strategies, and deliver comprehensive protection that scales with your business.

From real-world penetration testing to 24/7/365 threat detection, cloud security, and expert consultancy, we’re your trusted partner in securing the ‘now’ — and preparing for what’s next.

 

Don’t wait for a breach to find your weak spot. Find out more about our cyber security services.

Cyber security services Talk to us

Cyber Security, MDR, Threat detection, EDR, Incident Response, CyberGuard, Blogs, SIEM, Vulnerability Management, SAE

Latest blogs

See all posts
IT failure
How to prepare for a major IT failure

When a major IT failure strikes, organisations don’t get a second chance to prepare. Decisions must be made quickly, and IT information needs to be trusted, accurate, and accessible. This is where business continuity (BC) software can play a crucial role in strengthening IT service continuity (ITSC). In this article we consider what you can do to prepare in advance of an IT failure occurring and then look at how BC software can help.

Read more
penetration testing
Common vulnerabilities found in penetration testing - how to fix them

You lock your front door at night - but what about your digital one? Every website, app, and online service you use is like a house with its own set of locks. Some are sturdy and well‑maintained, while others have loose hinges, missing keys, or windows left wide open.

Read more
Placeholder thumbnail
What is cloud computing and how it benefits businesses

If you stream films on Netflix or check your email from anywhere in the world, you’re already using the cloud. But for large enterprises, cloud computing is far more than consumer convenience - it’s the foundation for operational agility, cost optimisation, and long‑term resilience. Today, the cloud underpins digital transformation across every industry. It removes the limits of traditional on‑premises infrastructure, replacing them with scalable, secure, and cost‑efficient services delivered over the internet. So, what is cloud computing really? Think of it like a global utility grid Just as organisations don’t generate their own electricity, they no longer need to build and maintain vast IT estates to power their operations. Instead, they plug into a global network of hyperscale data centres and pay only for the capacity they consume. This model transforms IT from a capital‑intensive function into an agile, consumption‑based platform that can grow or shrink instantly with business demand. Demystifying “the cloud”: what it actually is Despite the name, the cloud isn’t ethereal. It’s built from thousands of enterprise‑grade servers housed in heavily protected data centres around the world. These provide: Always‑on global availability Enterprise‑grade physical security Redundant power, cooling and connectivity High‑performance compute and storage resources Instead of storing your data on a single device or server, the cloud stores information across these resilient environments, enabling global access, multi-layer redundancy, and seamless continuity. Reducing enterprise IT costs without compromising capability Historically, enterprises spent heavily on hardware refresh cycles, data centre space, maintenance, and large support teams. Cloud computing removes these constraints. With a cloud operating model, organisations can: Shift from CapEx to OpEx Subscribe to the compute, storage and applications you need - instead of owning hardware. Avoid hardware lifecycle management Infrastructure is continuously refreshed by the cloud provider. Optimise usage Pay only for what you consume, with autoscaling to manage peaks and troughs. Reduce hidden overheads Power, cooling, physical security, patching and maintenance are no longer your responsibility. For large organisations with complex estates, this delivers predictable budgeting and measurable savings. Resilience and data protection: your always‑on safety net Enterprise outages can halt business operations. Traditional on‑premises infrastructure creates single points of failure. Cloud architecture removes this risk with: Built‑in geo‑redundancy Automated backups Multi‑site replication High availability by design If a device is lost, a server fails, or a site experiences disruption, your systems and data remain secure and accessible. This ensures continuity, protects reputation, and reduces recovery time dramatically. Scalability at enterprise scale: power for any demand Scalability is essential for large organisations with fluctuating workloads or global operations. Cloud platforms automatically scale to handle: Seasonal or event‑driven spikes Large-scale data processing Rapid user onboarding Global expansion Capacity expands the moment it’s needed - and scales back down afterwards - allowing enterprises to stay agile and cost‑efficient. Enabling hybrid work and seamless collaboration Enterprise teams are now spread across regions, countries and time zones. Cloud‑based collaboration tools eliminate version control issues and data silos. With cloud productivity solutions: Teams work from a single source of truth Multiple users can co-edit in real time Permissions and governance are centrally managed Hybrid workers get the same consistent experience This dramatically improves operational efficiency and supports a modern, flexible workforce. The cloud isn’t the future - it's the enterprise advantage today For large organisations, the cloud delivers: Lower infrastructure costs Stronger resilience and security Rapid scalability Higher productivity and collaboration Simpler hybrid working Freedom from legacy limitations It’s not a future trend - it’s the foundation of modern business.

Read more
Placeholder thumbnail
Seven CEO priorities to cut cyber risk in 2026

Cyber risk in 2026: a core business issue, not just an IT problem The Global Cybersecurity Outlook 2026 report by the World Economic Forum highlights seven priorities CEOs should own:

Read more
PSTN Switch-off
What is the PSTN Switch-off? UK network modernisation explained

The PSTN switch-off marks a significant shift in telecommunications. It's a move from traditional landlines to digital solutions. This transition is set to transform how organisations communicate.

Read more
Placeholder thumbnail
BCM software: what it is and why you need it in 2026

Business disruption is no longer an exception - it is an operational reality. Cyber-attacks, supply chain failures, extreme weather and system outages now pose ongoing risks for organisations of every size.

Read more

Stay service-savvy

Get all the latest news and insights straight to your inbox.