Why Your Organization Needs Cybersecurity

Why Your Organization Needs Cybersecurity

By John Bandler

Every organization should be convinced that they need cybersecurity.

But some are not convinced yet, and some don't fully realize what cybersecurity should entail in their organization. Others mistakenly think that because cybersecurity is not their area of expertise or area of business that they can't do anything about it.

Let's dive in and lay out some basic principles so your organization can get to work on improving its cybersecurity.

Your workplace is probably an "organization"

If you are working somewhere, it is probably an organization, and thus needs cybersecurity.

This includes companies, corporations, partnerships, LLCs, LLPs, non-profits, government entities, and any other type of organization.

It needs cybersecurity, and a cybersecurity program. Cybersecurity needs to be managed and performed properly.

Unfortunately, many organizations have not gotten started yet.

Organizations need to do something

We start with a simple proposition we can all agree upon. Organizations must do something.

If they are doing nothing, that is probably unreasonable, sloppy, and negligent.

Organizations need to devote reasonable resources to cybersecurity

We can probably all agree on this next proposition: Organizations need to devote reasonable resources to cybersecurity, and have reasonable cybersecurity.

Every now and then someone disagrees with this, but their position cannot prevail, and cannot be supported.

If you are managing an organization and you are willing to admit that you are not devoting reasonable resources to cybersecurity, and that you don't have reasonable cybersecurity, then you are potentially admitting to being unreasonable, even negligent and sloppy.

Approach it with facts and logic

Organizations need to approach cybersecurity as they approach other complicated issues that are not within their line of business expertise. They must rely upon diligence, facts, logic, weighing of risks, benefits, and options. They can seek advice from trusted experts in the field.

They need to apply trusted principles of management, to include

• Designate a person in charge
• Implement a written policy
• Train
• Lead, supervise, and manage.

The basics of a cybersecurity program

The basics of a cybersecurity program include a written cybersecurity policy, someone within the organization designated to manage cybersecurity, and training. I lay this out in another article too (links below). What the organization does must be reasonable under all the circumstances.

I recommend focusing on my three main goals of cybersecurity:

1. Protect from cybercrime,
2. Comply with legal requirements, and
3. Accomplish the mission better by improving efficiency and management of information systems.

Organizations can also apply my Four Pillars of Cybersecurity to organize cybersecurity for the home or business by focusing on (1) Knowledge and Awareness (since people make cybersecurity decisions, (2) Secure computer Devices, (3) Secure Data, and (4) Secure Networks (and Internet Usage), then Repeat and continually improve.

Where organizations do their diligent and good faith best to protect, comply, and manage their information assets well to serve the mission, they also achieve a fourth goal, peace of mind.

Every organization needs a cybersecurity program

No organization can afford to ignore cybersecurity, so they need to build and maintain their cybersecurity program. I have built resources on this and can provide services as well (see links below).

There is more to know about cybersecurity

Yes, there is a lot to cover on cybersecurity. That's why I wrote a book on it in 2017, and am writing another, and have a lot of articles and videos on the topic.

More learning

To learn more about cybersecurity, consider these:

• Why Your Organization Needs Cybersecurity (in eleven minutes), companion video on YouTube (also embedded below), https://youtu.be/gE_PwhnUWSs
• Cybersecurity
• Cybersecurity main goals
• Cybersecurity Tips from John Bandler
• Bandler's Four Pillars of Security
• Overview of Bandler's DIY cybersecurity program
• Cybersecurity things to know
• Cybersecurity and Cybercrime Prevention (course outline)
• Cybersecurity for attorneys (course outline)
• Cybersecurity and Cybercrime Prevention (course outline)
• Cybersecurity course at Udemy
• Key terms definitions
  • Information security
  • Information asset
  • Cybersecurity program
• Within my books
  • Cyberlaw book (2024), Chapter 17: Introduction to Cybersecurity and Cybercrime Prevention
    • Chapter resource page, https://johnbandler.com/cyberlawbook-resources-ch17/
  • Policies and Procedures Book (includes cybersecurity policy work)
  • Cybersecurity for the Home and Office: The Lawyer's Guide to Taking Charge of Your Own Information Security (2017 book)
  • Cybersecurity Book (coming someday)
• See the Bandler Cybersecurity Program DIY program video course either on YouTube or Udemy
  • See my free YouTube course (four videos, no registration required)
  • See my free Udemy course (five videos with downloadable handout)
• See all of the Bandler Cybersecurity Program DIY webpages here (videos embedded at bottom of each page)
  • 1. Overview of Bandler's DIY cybersecurity program
  • 2. Bandler's cybersecurity program (what it is)
  • 3. Build Bandler's cybersecurity program yourself (This page)
  • 4. Maintain and improve your implementation of Bandler's cybersecurity program yourself
• My articles for Reuters, available here (clean PDF, no ads):
  • The cybersecurity program of your firm: a quiz and roadmap for next steps, October 21, 2025
  • Build your cybersecurity program in your firm or organization, December 15, 2025
  • Maintain and improve your cybersecurity program in your firm or organization, February 17, 2026

This page is hosted at https://johnbandler.com/why-your-organization-needs-cybersecurity. Copyright John Bandler, all rights reserved.

Page posted 03/06/2026. Updated 03/06/2026