Executives at even the most sophisticated companies are understandably worried they haven’t done enough to prevent or prepare for a cyberattack. And the stakes are high: loss of proprietary data and consumer information, potential government enforcement and plaintiff actions, as well as reputational harm. But many executives are less comfortable confronting cybersecurity risks than they might be with other corporate issues.

Their concerns coalesce around three realities: cybersecurity is a constantly evolving landscape, and the threat actors and vectors are constantly changing; cybersecurity can seem like a technically complex and overwhelming topic to master, even for business leaders; and companies and government agencies with all the resources in the world are getting hacked.