Who this page is for
This page is for beginners, non-technical readers, new hires and managers who want a clear overview before going deeper.
Definition
Cyber security is the set of measures that protect information systems, data and digital identities from unauthorised access, modification or destruction.
The classic protection goals are confidentiality, integrity and availability, often complemented by authenticity and accountability.
Distinction: IT and information security
IT security focuses on information technology in the narrower sense - hardware, software, networks.
Information security is broader and also covers non-digital information such as paper records, premises and people's knowledge.
Cyber security is the digital-first variant, with a strong focus on attackers, identity, cloud and supply chains. In practice the terms overlap heavily.
Common threats
Common attacks include phishing, ransomware, compromised identities, supply chain attacks, exploitation of vulnerabilities, data theft and insider risk.
Most successful attacks exploit human or organisational weaknesses rather than sophisticated technical tricks.
People, process and technology
Technology alone is not enough. Security emerges from the interplay of tools, defined processes and trained behaviour.
A good tool without a clear process helps little; a good process without training is not followed in practice.
Typical security controls
These include multi-factor authentication, sound identity management, up-to-date systems, endpoint protection, backups, logging, awareness and a defined approach to incidents.
For organisations, structured risk management is added on top.
Common misconceptions
Cyber security is not 'done' once a product is installed. It is not purely an IT task. And it is not won through panic, but through continuous, calm work.
A simple everyday example
An employee receives an email that appears to come from senior management and asks for an immediate wire transfer. Because she is trained and has a report button in her mail client, she reports the email instead of replying. The case ends as a phishing attempt without harm. Awareness and a simple reporting path were the decisive controls.
Checklist
- Executive ownership assigned
- Protection goals and key risks documented
- MFA on all relevant accounts
- Up-to-date systems and endpoint protection
- Backups configured and restore tested
- Awareness measures for employees
- A known reporting path for suspicious events
Frequently asked questions
Is cyber security the same as data protection?
No. Data protection is the legal discipline governing personal data. Cyber security protects systems and data by technical and organisational means. The two complement each other.
Which standards are relevant?
Common standards include ISO 27001, NIST CSF and, for financial services, DORA.
Can an organisation be fully secure?
No. The goal is a reasonable reduction of risk, not absolute security. What matters is being prepared when something happens.
Is a good firewall enough?
No. A firewall is one building block, but modern attacks go through identity, mail and cloud. Without MFA, awareness and backups, the firewall alone is of limited value.
Related topics
Cyber security is more than antivirus. It combines technology, processes and people, protects digital business models and has become a strategic leadership topic. This hub page explains the building blocks and links to deeper topic pages.
Effective enterprise security combines governance with concrete technical and organisational controls. This page shows what decision makers and IT leaders should focus on first - calm, practical and clearly prioritised.
SMEs do not need enterprise security architecture, but they do need the right basics. This page shows which measures deliver the most impact on a limited budget and which common mistakes are easy to avoid.
Phishing remains one of the most common entry points. Modern attacks look professional, use trusted brands and adapt quickly. Technical filters, awareness and a simple report button belong together.
Awareness works when it is continuous, relevant and measured fairly. A yearly mandatory training is not enough. This page shows what good organisational awareness looks like.