"Cybersecurity is on the agenda of most executive committee meetings, but should perhaps be given extra attention in view of the growing threats during the pandemic. In the midst of the second wave of the coronavirus and concerns about a potential third wave, companies should be proactive in addressing the threats, and plan ways of preventing successful cyberattacks rather than responding when they occur. However although prevention measures are important, there is also a need for cyberattack detection, response and recovery capabilities. This pandemic has taught us that preparation is key to successfully limiting the risks related to cyberattacks. The ability to quickly react to unforeseen events helps reduce the impact of a cyberattack. Companies that already benefited from secure remote working capabilities will be better prepared to face the continuous increase of cyber threats. Companies that were caught off guard will have to quickly assess their exposure to cyber threats and prioritize initiatives to address their cybersecurity gaps with recommended practice. In addition, corporate owned devices should be the standard for companies allowing remote access to confidential and sensitive data. When it is acceptable to access corporate data from a personal device, cyber risks should also be assessed and actions should be taken to limit cyber threats exposure. The reality is that companies need to change their outlook from ‘if’ they get attacked, to ’when’, and recognize that the fallout from breaches of data privacy or ransomware can be financially devastating. It should also be remembered that financial gain is not the only motive behind cyberattacks. ‘Hacktivism’ and its aim of damaging business reputations is an additional threat."