In a ‘right now’ world, organizations around the globe are constantly being bombarded by cybersecurity attacks. Yet we continue to hear of organizations that fall victim to these attacks. The impact of a cybersecurity incident can damage the brand, cause a drop in the stock price, result in loss of revenues, and, worst-case scenario, put the organization out of business. Recently, Lincoln College, a 157-year-old institution, recently announced it is closing due to the impact of a ransomware attack that corrupted its mission critical systems. Why do leaders fail to incorporate a cybersecurity program as a core component of their business strategy or choose to allocate funding to other organization needs? This session will discuss practical concerns related to incorporating sound cybersecurity principles and controls into the strategic planning process. This is not a technical presentation. The session will explore the realities that all organizations face related to cybersecurity and the responses that should be integrated into business strategy at the highest levels of the organization.