Cybersecurity: It’s a question that can never be answered with 100% confidence or certainty. In fact, the real question that every company working to implement an IoT (Internet of Things) strategy should be asking is, how can it protect a business from cyber risk?

As more and more businesses undergo digital transformations, cybersecurity keeps business leaders up at night. Sadly, if you are a c-suite executive you just may be part of the problem when it comes to securing your data and keeping it secure.

Too many businesses that are undergoing an IoT transformation lack a full understanding of basic cybersecurity hygiene. On my radio show and in this column, I have several times mentioned a lot of people who are proactively thinking about cybersecurity, and that’s great, but I also point out a lot of folks whose plans are reactive.

This raises some red flags, because when we are just waiting for something to happen, we are not in control—not in the least bit.

AT&T recently released its latest Cybersecurity Insights Report that lays out some important realities when it comes to cybersecurity. The report says many companies establish cybersecurity policies for on-premise solutions, but when they start deploying IoT beyond their four walls, they quickly start to feel like they’re losing control.

You also don’t want to rely too much on third-party providers to handle cybersecurity when your company moves to the cloud. No single cloud provider is going to be able to provide completely gapless security, so don’t get lulled into a false sense of security.

Another point worth making here is that many companies make the false assumption that cybersecurity is the IT department’s job.

Here’s a reality check, c-suite: cybersecurity is your job too. AT&T puts it nicely, saying: “responsibility for risk starts at the top and involves everyone.” Complacency also often starts with the CEOs, CTOs, CFOs, and other c-suite executives.

To avoid this, c-suite executives need to engage in and take responsibility for security before, during, and after their company’s digital transformation. Hire the right people, obviously, but don’t let yourself off the hook, either. AT&T says to tear down silos and prioritize collaboration. This is a point with which I can’t help but agree.

You may also consider partnering with a security consultant or a dedicated security provider as your company embarks on its IoT journey. Also, be prepared to admit you don’t know how much you don’t know when it comes to cybersecurity.

Interestingly, AT&T’s research says U.S. companies are the least confident with their in-house security, but they are also the most likely to manage their security in-house.

Here’s another interesting statistic: U.S. businesses are overconfident in their security. The real question, again, is: do you feel “untouchable”?

Consider this: cybersecurity talent isn’t as readily available as it probably should be, and there’s no way every company out there has a strong enough set of in-house security personnel to warrant this confidence.

Taking these facts into account, should companies consider cybersecurity insurance? Is “cyber insurance” a worthy investment, or does it provide a false—maybe even dangerous—sense of security?

According to the Intl. Risk Management Institute, cyber insurance is designed to cover consumers of technology services or products in the event of a security breach that results in stolen or exposed data, such as social security numbers, credit card numbers, etc.

Policies may cover post-breach expenses such as notification costs, credit monitoring, costs to defend claims, fines and penalties, and loss resulting from identity theft.

Here’s the rub: 28% of organizations surveyed by AT&T see cyber insurance as a substitute for investment in cyber defense.

The research suggests roughly a quarter of you are putting a majority of your cyber defense budgets toward insurance.

There is value in it. Considering no one is immune from cyberattacks in this day and age, it may be a wise investment for companies to protect themselves by buying cyber insurance.

However, and this is a huge caveat, if insurance is where the majority of your budget is going, and you’re not also investing in technology that can proactively protect your data and systems, then I think you’re on the wrong track.

Think about where our connected world is heading. We’re talking about proactive maintenance every other blog. We’re talking about big data and analytics, artificial intelligence, and machine-learning algorithms that can predict, so you don’t have to react. Being proactive is always better than reactive, because in a reactive model, there’s no scenario in which the problem is avoided.

So, yes, invest in cyber insurance if you’d like, but please do not think that insurance is going to do anything but damage control after you’re breached—after it’s too late.

You wouldn’t skip all your preventative wellness visits at the doctor just because you have health insurance, right?

You wouldn’t forgo maintenance on your vehicle just because you have car insurance either, would you? These are imperfect comparisons, but hopefully they are making a point.

The real point here is this: are you doing what you need to do to protect your data, and do you understand what it takes to do it?
