Businesses should not view cyber security as an issue solely for the IT department, but should instead treat it as something to be tackled by the whole company.
This is the advice of Thomas Parenty and Jack Domet, authors of the book A Leader's Guide to Cybersecurity, who told the Harvard Business Review's IdeaCast that risks are often left for the IT representatives to deal with.
However, by assuming these employees have the technology in place to fix problems, business leaders may believe they are adequately protected when they are not - and could be leaving themselves open to cyber attacks.
Mr Parenty and Mr Domet instead recommended taking a different approach, in which everyone from the chief executive downwards takes an active role in thinking about cyber security and considering the issues that might occur.
They suggested this is far more holistic and effective in the long run than attempting to buy technology that patches individual problems.
"If you actually have focus on knowing what is important to protect, understanding the kinds of cyber attacks that could compromise critical activities, you are in a much better place to defend yourself properly than if you take more of a shotgun approach," the two authors concluded.
According to Hiscox, 60 per cent of UK businesses had faced at least one cyber attack by August 2019.