As reported in countless surveys and whitepapers, organisations generally accept that Cyber is now a key risk. So, what should you do next to mitigate this risk? First you should select a suitable set of security controls, then you need a programme of work with suitable resources.
If you are not sure where to start, a good example is the Global Cyber Alliance (GCA) which has built a toolkit for small to medium-sized businesses. The GCA has aligned to the Center for Internet Security Controls (CIS Controls). Select the controls most relevant to your critical assets and start making improvements using the free tools, practical tips and guides located here.