It is not easy to stay proactive.  Despite the reality that it is almost guaranteed that every company will experience some sort of cyberattack, if not multiple attacks, it is hard to stay on top of what it takes to make sure that employees are periodically trained to know what to look out for; that walls are updated with the latest protections; that passwords are consistently changed; that cyberattacks are anticipated and planned for; that these plans are reviewed at least twice a year to keep them fresh and improved;  and a multitude of other protections put in place to shield the data that is your responsibility to keep safe. No wonder executives become complacent.  It is exhaustive work, but you are guaranteed failure, if you don’t.  There is too much at stake not to.