I’ve often reflected on the almost seamless overlap between cyber and information. They’re frequently treated as interchangeable, and in many respects, they are. Yet beneath the surface of technical definitions and boardroom jargon lies a more nuanced truth: the notion of cyber didn’t emerge solely from the internet age — it was born out of a deeper need to protect the use of information.
Let’s take a step back. At its core, what is a business if not a system built on the gathering, processing, and movement of information? Financial transactions, customer interactions, intellectual property, operational plans, and strategic decisions — all rely on data moving through people, platforms, and processes. A company might manufacture products or provide services, but none of that occurs without the efficient and secure flow of information.
Here lies the paradox: organisations thrive through their use of information, yet they are also most vulnerable because of that very use.
Information, by itself, is inert. It becomes dangerous not through existence, but through application. It’s not the breach that harms — it’s what is done with the data once it’s out. A spreadsheet isn’t problematic on its own. But when it’s emailed unencrypted to the wrong recipient and ends up in the public domain, the risk is no longer theoretical. The threat lies not in the object, but in the action.
The word cyber has become shorthand for a certain class of risk. But in truth, it originated as a term to describe something more abstract: the convergence of information, digital networks, and human behaviour. It’s not just about the internet. It’s about control, misuse, and consequence. The cyber domain is where intangible data meets very tangible risk — financial, reputational, regulatory, and in some cases, even geopolitical.
In other words, cybersecurity isn’t simply about locking down devices or defending networks. It’s about safeguarding information in motion. Not just the walls of the fortress, but what’s happening inside, who’s coming and going, and how the gates are being used. That’s why cyber risk is fundamentally a business risk. Because today, every meaningful decision in an organisation is informed by — or executed through — data.
This is where terms like “information security” and “cybersecurity” begin to overlap. Traditionally, information security focused on confidentiality, integrity, and availability. Cybersecurity expands on that, layering in technology, external threats, and behavioural factors. But if you strip away the tech, the principle remains the same: protect the use of information.
When we hear talk of “cyber resilience” in boardrooms, what’s really being discussed is the organisation’s ability to use information reliably, safely, and lawfully. That’s why data protection, cybersecurity, and information governance are no longer siloed disciplines — they’re converging. Because no modern business can afford to separate its data strategy from its risk strategy.
If you examine the major cyber incidents of the last decade, you’ll find they are rarely purely technical. More often, they involve human failings — poor judgement, lack of oversight, convenience overriding caution. A phishing email is only dangerous because someone, somewhere, chooses to trust it. Once again, the risk isn’t the tool. It’s the use.
So, cybersecurity isn’t just an IT issue. It’s a cultural issue. A leadership concern. A question of survival in the digital age. Because if the use of information is what powers business, then protecting that use is what sustains it.
Cyber, then, is more than a department or a buzzword. It’s a response to the reality that every interaction, digital or physical, generates opportunity — and risk.
So next time someone asks what “cyber” really means, tell them this: it’s about the choices we make when we use information. And every choice has consequences.
- business a.m. commits to publishing a diversity of views, opinions and comments. It, therefore, welcomes your reaction to this and any of our articles via email: comment@businessamlive.com
