Cybersecurity main goals

By John Bandler

As organizations think about and work on cybersecurity, they want to keep their goals in mind.

I developed these as a conceptual guidestar, a 30,000 foot view on what they should do, without any technology or cybersecurity terms.

I recommend focusing on my three main goals of cybersecurity:

(1) protect from cybercrime,

(2) comply with legal requirements, and

(3) accomplish the mission better by improving efficiency and management of information systems.

These three goals usually provide a motivation for everyone to prioritize the important work of cybersecurity. Let's examine each of these three, plus a bonus fourth.

Protect

Protecting from cybercrime is an essential part of cybersecurity. It starts with protecting against my Three Priority Cybercrime Threats: Data breach, Ransomware, and Email Based Funds Transfer Frauds (more details in the article linked below).

Some people rightfully fear becoming a victim of cybercrime, so this is a valid motivator for those people. Everyone is at risk for cybercrime; no one is immune.

Comply

There are legal requirements regarding cybersecurity, and organizations need to comply with them. I summarize these requirements in the simplest fashion with these three words: "Have reasonable cybersecurity." The requirements are more complex, and might include the need to have a cybersecurity program, written cybersecurity policy, incident response plan, and so forth.

If the organization is successful at protecting against cybercrime, it is less likely their cybersecurity compliance will ever be called into question. But if they suffer a cybercrime event, including a data breach or theft of funds, it becomes more likely they will be accused of having non-compliant or negligent cybersecurity.

Mission

After years of practicing in this space, the importance of mission became clear.

First, many in an organization are not motivated by the need to protect or comply. They think the cybercrime won't happen to them, and the regulatory or legal issue won't arise, and view compliance as a cost center or time waster. In fairness, no organization exists just to comply, or just to protect against cybercrime. It exists for the mission, because that is what serves customers or clients, brings in revenue, pays salaries and keeps the lights on.

Further, organizations that fail to properly manage their information systems usually have poor cybersecurity and poorly utilize them to achieve their business goals. And organizations that manage their information systems well can improve both their cybersecurity and how they operate their business.

The fourth bonus goal

Where organizations do their diligent and good faith best to protect, comply, and manage their information assets well to serve the mission, they also achieve a fourth goal, peace of mind. They are spending reasonable time and effort to address the cybersecurity issues before them, doing their reasonable best.

Consider them like the motorist starting a trip after having researched the route, in a car they know is properly maintained and registered. They know the rules of the road and how to drive safely, and are rested, sober, and attentive. They will enjoy the ride with peace of mind.

Where individuals and organizations procrastinate and fail to tackle the work of cybersecurity, they are left with worry, uncertainty, fear, and the knowledge they are not doing what they are supposed to.

They are more like the driver whose vehicle registration is expired, the brakes aren't working well and a tail light is out. They are driving home after a few drinks (which is a few too many) and are hoping to avoid an accident or a traffic stop. They know if the accident happens or the cops pull them over, they will be in trouble.

Next steps

The above are good to focus on first and for motivating people and organizations to work on cybersecurity, especially if they are not already convinced, or not aware of what cybersecurity entails. Once this important step is done, they need to dive into some of the basics of cybersecurity. I cover that in detail in other places, and for now let's consider:

1. Realizing what cybersecurity is. I think of it as simply "cyber + security", the process of securing digital information (and information assets while we are at it) and protecting from cybercrime.

2. Knowing the three main objectives of cybersecurity: achieving the confidentiality, integrity, and availability of information assets.

3. Knowing the three types of cybersecurity "controls" or "safeguards" to achieve those objectives: physical, administrative, and technical.

4. Consider my Four Pillars of Cybersecurity to organize cybersecurity for the home or business by focusing on (1) Knowledge and Awareness (since people make cybersecurity decisions), (2) Secure computer Devices, (3) Secure Data, and (4) Secure Networks (and Internet Usage), then Repeat and continually improve.

Every organization needs a cybersecurity program

No organization can afford to ignore cybersecurity, so they need to build and maintain their cybersecurity program. I have built resources on this and can provide services as well (see links below).

There is more to know about cybersecurity

Yes, there is a lot to cover on cybersecurity. That's why I wrote a book on it in 2017, and am writing another, and have a lot of articles and videos on the topic.

More learning

To learn more about cybersecurity, consider these:

This page is hosted at https://johnbandler.com/cybersecurity-main-goals. Copyright John Bandler, all rights reserved.

Page posted 12/23/2025. Updated 12/28/2025