Despite the constant media headlines, increasing regulation and growing awareness that cybersecurity is a ubiquitous business risk, too many organisations still work on the assumption that cybercriminals will never arrive at their door.

As a result, breaches continue to have a massive financial impact. Indeed, the ransomware situation is becoming so serious speculation is growing that incidents will eventually become uninsurable, and separately, there has been debate around whether payments should be banned entirely.

There are growing signs, however, that the narrative is changing and today there is perhaps more pressure to focus on the risks posed by cybercrime than ever before. Back in May, for instance, President Biden signed an Executive Order designed to address the continuing cybersecurity attacks on domestic technology infrastructure. Announced just after the Colonial Pipeline ransomware incident, recent attacks such as the Kaseya supply chain breach have only added to the sense of collective urgency.

Legislative momentum is also building. Earlier this month, for instance, U.S. lawmakers introduced a bipartisan bill that would require some businesses to report cyber incidents to the government so that it, “can mobilize to protect critical industries across the country.” This is just one of a growing list of proposed cybersecurity laws being introduced to Congress and it seems likely that legal and regulatory frameworks around the world are on the road to becoming much tougher.

While many of these developments are welcome, defeating cybercrime is not just the responsibility of politicians and regulators. At every level, from the very top of government to the people running organisations across the economy, effective cybersecurity depends on proactive leadership backed by proactive technologies.

Take file-based cybersecurity threats, which are growing at a faster rate than ever. The problem is, traditional detection-based security solutions simply can’t keep up and by relying on reactive technologies, such as antivirus and sandboxing solutions, businesses must constantly play catch up with new threats. The numbers are fascinating: approximately 1 in every 100,000 files contain malicious content, with 98% unknown to anti-virus solutions by the time it is removed by Glasswall.

What’s more, it takes an average of 18 days for this malicious content to become known by anti-virus solutions. Meanwhile, sandboxing exposes organisations to risk from advanced malware and disrupts business productivity.

Instead, the Glasswall approach proactively and instantaneously rebuilds files to a “known good” standard. Users benefit from safe, clean files that have been rebuilt to the manufacturer’s published specification, removing any places for malware to hide. This simple approach ensures every document entering the organisation is safe, without sacrificing productivity.

Shifting leadership cybersecurity strategy onto a proactive footing is key to turning the tide. Organisations who remain with their heads in the sand may continue to stay safe for a while, but as any cybersecurity expert will tell you, being on the receiving end of an attack is no longer a question of ‘if’ – it’s a matter of ‘when’.