Most of the organizations I speak with are talking about cyber-risk these days, and for good reason. Unfortunately, many of them are doing a lot more talking than actually doing. Some of this is human nature – threats are “somebody else’s” problem until they hit close to home, and it’s no different in cybersecurity. Often, the risk only starts to feel real once it’s too late. What actions can you take to get ahead of the game?