IT Cyber Security Myths and Facts

Cyber Security Myths Busted: Don’t Risk Your Data, Make Sure You Know Them

December 29, 2023

Ollie Rayburn


Cyber threats are not just evolving – they’re becoming more cunning and lifelike. Amidst this technological turmoil, it’s crucial to acknowledge that misinformation is rife, giving rise to a deceptive sense of security among individuals and businesses. To navigate this cyber wilderness successfully, companies must grasp the reality behind prevalent cyber security myths and adopt best practices that offer comprehensive data protection.

Join us on this journey as we unravel ten common myths about cyber security, arming you with the knowledge needed to shield your invaluable data from the shadows of digital deception. Let’s separate fact from fiction and empower ourselves to face the challenges of today’s cyber landscape confidently.

Cyber Security Myth #1: Cyber Security Isn’t Something I’m Responsible For

The prevailing notion in cyber security often hinges on the belief that safeguarding digital assets is solely the responsibility of the IT department.

Cyber Security Fact: Contrary to this misconception, the truth is that everyone within an organisation plays a pivotal role in cyber security. Whether you’re a CEO making high-stakes decisions or an intern just starting your career, individual online actions can significantly affect the overall security of an organisation. The human element, often the weakest link in the security chain, is frequently targeted by cyber threats.

According to the 2023 Verizon Data Breach Investigations Report, a staggering 74% of breaches involve the human element, encompassing social engineering attacks, errors, or misuse. Your employees, often the primary targets of phishing attacks, become unwitting entry points for cyber adversaries who exploit a lack of security awareness.

Understanding this reality is crucial, as it unveils the vulnerability of your workforce—the most fragile yet critical facet of your defence strategy. Clicking on suspicious links or downloading unverified software without caution can have severe consequences.

Employee education emerges as a powerful antidote to this myth. By instilling an awareness of cyber security’s importance and providing practical insights into recognising and mitigating risks, organisations empower their personnel to identify potential threats and adapt their behaviour accordingly. In essence, dispelling this myth is not just about debunking a misconception; it’s about fortifying the human firewall that stands as the first line of defence against cyber threats.

Cyber Security Myth #2: Small Companies Aren’t Targeted By Hackers

It is commonly believed that hackers reserve their efforts for mega-corporations like Facebook, Uber, and IBM. The truth, however, paints a different picture.

Cyber Security Fact: Small businesses, far from being immune, find themselves in the crosshairs of cyber threats more often than one might think. The UK Government’s 2023 Cyber Security Breaches Survey reveals that a substantial 32% of small businesses reported falling victim to a cyber-attack in the past 12 months.

Ironically, small businesses are often preferred targets precisely because they may lack the robust security measures implemented by larger corporations. Security vulnerabilities in smaller organisations, such as lax password policies, failure to apply timely updates, and a lack of security software, make them enticing targets.

The stakes are higher for smaller firms, as the aftermath of a cyber-attack can be devastating, potentially leading to closure. While the financial gains for hackers targeting businesses are apparent, the impact on smaller entities is disproportionately severe. Given limited cyber security budgets, seeking the guidance of cyber security consulting services becomes crucial. These services can recommend and implement the most effective defences tailored to the specific needs and constraints of small businesses. They assist in navigating the cyber threat landscape with resilience.

Cyber Security Myth #3: My Passwords Will Keep Me Secure

Isn’t it widely believed that with robust passwords, your digital fortress is impervious to breaches?

Cyber Security Fact: The reality, however, paints a different picture. Relying solely on passwords is akin to leaving your front door unlocked in the face of evolving cyber threats. A shocking report by The Account Takeover uncovered a staggering 24 billion compromised username and password combinations on sale on the dark web. This marks a significant increase from the 15 billion reported in 2020.

Dispelling long-standing password myths becomes imperative in this digital age. A prevalent misconception suggests that making a one-word password intricate with capital letters, digits, or special characters renders it uncrackable. However, the actual key to security lies in the length of the password, not its complexity. While short, complex passwords can be deciphered within days, longer passwords—especially those crafted from memorable phrases—significantly prolong the time required for a successful breach.
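The length-versus-complexity argument above can be put in numbers. The sketch below is an added example, not part of the original article; it also goes one step further than the text by modelling an attacker who guesses whole words instead of characters. The guessing rate, the word-list size and the sample passwords are assumptions constructed for illustration.

```python
import math
import string

GUESSES_PER_SECOND = 1e10   # assumption: offline guessing rate against a fast hash
WORDLIST_SIZE = 7776        # assumption: size of the list passphrase words come from
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def charset_size(password):
    """Alphabet an attacker must cover in a character-by-character search."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, 32),
        (" ", 1),
    ]
    return sum(n for chars, n in classes if any(c in chars for c in password))

def char_search_bits(password):
    """log2 of the keyspace when every character is guessed independently."""
    return len(password) * math.log2(charset_size(password))

def word_search_bits(password):
    """log2 of the keyspace when whole words are guessed from a known list."""
    return len(password.split()) * math.log2(WORDLIST_SIZE)

def effective_bits(password):
    """The attacker picks the cheaper strategy, so strength is the smaller estimate."""
    if " " in password:
        return min(char_search_bits(password), word_search_bits(password))
    return char_search_bits(password)

def years_to_exhaust(bits):
    return 2 ** bits / GUESSES_PER_SECOND / SECONDS_PER_YEAR

# Constructed samples: a random 8-character password, then 3 and 6 random words.
# These are upper bounds; a dictionary word with substitutions falls much faster.
SAMPLES = ["Xk7#mQ2!", "correct horse battery",
           "maple orbit lantern thirsty canal violin"]

def report():
    return {pw: years_to_exhaust(effective_bits(pw)) for pw in SAMPLES}

if __name__ == "__main__":
    for pw, years in report().items():
        print(f"{pw!r:45} {effective_bits(pw):5.1f} bits  {years:.3g} years")
```

Under these assumptions the 8-character password lasts about a week and three random words last under a minute, while six random words push the search into hundreds of thousands of years: length only helps when it adds unpredictable words, not just characters.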

The initial step towards fortifying your digital defences involves creating a robust, nearly impervious password. Yet, even with a strong password, vulnerability persists if the service you use falls victim to a breach, granting unauthorised access to your credentials. To counteract such threats, embracing Multi-Factor Authentication (MFA) is paramount. This method introduces an additional layer of verification, necessitating a second step during login, such as entering a security code sent to your phone or accessible through a specialised verification app. Even if a hacker gets your password, these measures act as a deterrent, securing your digital assets.

Cyber Security Myth #4: To Protect My Business, We Only Need Basic Anti-Virus

Are anti-virus programmes the sole safeguard against the rising tide of online threats, or is there more to the equation?

Cyber Security Fact: While basic anti-virus serves as a foundational defence, it proves inadequate in the face of sophisticated threats that demand a more comprehensive approach. According to, the average ransomware attacker now demands a staggering $1.5 million in 2023. A stark reality surfaces when delving deeper – over 80% of those who pay a ransom find themselves under attack again, underscoring the urgent need for robust cyber security measures.

Specialised technologies have emerged to combat specific challenges, such as the insidious threat of ransomware. Optimal security often stems from a synchronised approach, where all your solutions seamlessly communicate with one another. This all-encompassing strategy covers endpoints, firewalls, network connections, emails, and more, creating a fortified defence against a spectrum of potential threats.

Considering the interconnected nature of modern business operations, an additional layer of protection is not just recommended, but crucial. Incorporating backup and disaster recovery solutions is a prudent step, enhancing your resilience and mitigating potential issues. This fortified approach ensures that your business stands resilient, ready to confront and overcome the multifaceted challenges posed by the ever-evolving landscape of cyber threats.

Cyber Security Myth #5: Macs Are Immune To Viruses And Malware

Isn’t it true that Mac users exist in a cyber utopia, shielded from the woes of viruses and malware?

Cyber Security Fact: While Macs have long enjoyed a reputation for being less targeted than their PC counterparts, the notion of invincibility is a myth. As the Mac user base grows, so does the attention it attracts from bad actors.

According to a revealing Moonlock Mac Security Survey 2023, over 50% of respondents admit to being directly affected by malware, hacking or scams, either personally or through someone close to them.

For years, Mac users took pride in their seemingly impenetrable laptops. However, the landscape is evolving. Mac users now face three primary threats: Trojans, Adware, and Potentially Unwanted Applications (PUA). Among these, Trojans emerge as the most significant threat, constituting more than half of all threat detections. Trojans that exploit unpatched vulnerabilities pose a substantial risk, especially for users who tend to postpone installing the latest security patches from Apple. A striking example is EvilQuest, accounting for more than half (52.7%) of all Trojan detections. The truth is evident: all devices, even Macs, are susceptible. Mac users must remain vigilant, regularly installing software updates to fortify their defences against the evolving landscape of cyber threats.

Cyber Security Myth #6: Using Password-Protected Public Wi-Fi Is Safe

Have you ever been comforted by the sight of a little “lock” icon next to a public Wi-Fi network? Did you think it assures the safety of your information?

Cyber Security Fact: The reality is far from the perceived security that the lock icon suggests. Hackers, with their adept skills, can effortlessly pilfer data from seemingly secure public networks. Forbes conducted a study revealing that a staggering 40% of respondents had their information compromised while innocently connected to public Wi-Fi.

The lock icon, unfortunately, provides no meaningful protection. Once a hacker gains access to the same network as their target, employing just a few tools allows them to snatch or manipulate your information. Adding to the vulnerability, attackers can execute a Man-in-the-Middle (MITM) attack using various software tools. This malicious tactic reroutes all your data through the hacker’s system before connecting to the intended destination.

A Virtual Private Network (VPN) is a common solution for data security. A VPN establishes a protected “tunnel” between your device and the websites you visit, employing robust encryption that renders your data unreadable to potential hackers. Don’t fall into the trap of assuming a Wi-Fi network is secure just because it has a password. Acknowledge the inherent risks on public networks and deploy a trusted VPN solution to safeguard your data effectively.

Cyber Security Myth #7: Only Certain Industries Are Vulnerable To Cyberattacks

Some companies think that cybercriminals will not target them because of the industry they operate in. Other companies think that they do not have data worth stealing. They’re both wrong.

Cyber Security Fact: The truth is that cyber-attacks can penetrate any business, irrespective of its industry or perceived data value. Hackers are equal opportunity infiltrators, targeting businesses of all sizes and across diverse sectors, including finance, charities, and insurance providers. The alarming reality is that a hacker attack occurs every 39 seconds.

It’s essential to shatter the illusion that media portrayals offer a comprehensive representation of cyber threats. The high-profile data breaches making headlines are merely the tip of the iceberg. A vast and diverse array of cyber threats transpire beneath the surface.

Moreover, the perceived selling value of targeted data on the dark web doesn’t necessarily correlate with its significance for a business’s operations. Ransomware can encrypt data, denying access until a ransom is paid for a decryption key. Even data deemed of “low value” can prove lucrative for cyber thieves. This emphasises the indiscriminate nature of cyber attacks and the need for businesses across all industries to proactively bolster their cyber security measures.

Cyber Security Myth #8: I Will Know Straight Away If My Business Is Attacked

In the event of an attack, immediate detection is guaranteed.

Cyber Security Fact: Contrary to this belief, sometimes it’s in a hacker’s best interest to remain unnoticed. The longer an attack lingers undetected on your system, the more information it can amass, and the greater the potential for damage. Detection, unfortunately, is not instantaneous. According to the IBM Cost of a Data Breach Report 2023, the average time to identify and contain a data breach is a staggering 204 days.

In the past, conspicuous indicators like pop-up advertisements or sluggish browser performance served as relatively straightforward warnings of potential fraudulent activities. However, cybercriminals have evolved, adopting more covert tactics that make their operations less easily discernible. Hacking involves perpetrators who have a vested interest in maintaining a low profile for an extended duration. The duration of their access to your systems directly correlates with the quantity of data they can potentially pilfer. The landscape of cyber threats demands a shift in perception, recognising that immediate awareness is not guaranteed and emphasising the need for vigilant, ongoing monitoring to detect and thwart cyber-attacks effectively.

Cyber Security Myth #9: It is Easy To Spot Phishing

Most of us think we can spot a phishing email, but are we really safe against online fraud?

Cyber Security Fact: Phishing attacks have evolved into sophisticated endeavours. In fact, a report by Digital Guardian delivers a startling revelation: 90% of corporate security breaches result from phishing attacks. Vigilance, therefore, becomes not just a good practice but a crucial one.

The deceptive nature of certain phishing emails can be so finely concealed that individuals of any background or level of expertise may fall prey to their manipulative tactics, especially with the advancements in AI. It is imperative to approach hyperlinks with caution, shedding any assumption of immunity to potential vulnerabilities.

Equally crucial is ensuring that staff members possess a comprehensive understanding of the potential dangers associated with phishing. Training becomes a linchpin in this endeavour, enhancing individuals’ comprehension of the intricacies inherent in sophisticated scams and heightening awareness of susceptibility to falling victim to fraudulent activities. Staying informed and educated is the first line of defence against the insidious tactics of phishing attacks.

Cyber Security Myth #10: Security Costs Too Much

Many believe that attaining adequate cyber security demands a significant investment of money and resources. This myth is rooted in short-sighted thinking. It overlooks the fact that cyber security is not just an expense; it’s an investment and a benefit.

Cyber Security Fact: The cost of a security breach significantly surpasses the investment in preventive measures. Organisations subscribing to the notion that cyber security is too expensive fail to consider the potential negative financial implications. According to IBM, the average total cost of a ransomware breach is a staggering $5.13 million, marking a 13% increase from 2022 and notably higher than the average data breach cost of $4.45 million.

While cyber security demands financial resources, dismissing security as too costly is a myth. The rising use of connected devices, coupled with the surge in remote work, amplifies the risk of a breach. For most businesses, control failures, incidents, breaches, phishing attacks and other cyber security issues are not a matter of “if” but “when.” Neglecting to invest in security under the guise of “saving” money now can lead to significant financial loss in the future.

Cyber security investments transcend mere expenditure. They are strategic measures to mitigate potential financial and reputational risks posed by cyber threats. By proactively allocating resources to safeguard against these risks, businesses can steer clear of the far greater expenses often associated with a cyber-attack, including data breaches, regulatory fines, and legal fees. Prioritising your cyber security is an investment that pays dividends in resilience and sustained business integrity.


In the ever-shifting landscape of cyber security, staying informed stands paramount. The first stride toward fortifying your digital defences involves recognising and debunking prevalent cyber security myths. As your dedicated partner, we offer tailored solutions and expert guidance through our cyber security consulting services. Avoid jeopardising your valuable data—instead, invest in security that adapts to the evolving threat landscape. Your digital fortress begins with heightened awareness and proactive measures. Reach out today to fortify your digital domain against the complexities of the cyber realm.
