Data breaches are increasingly common, and despite major international regulatory changes such as the General Data Protection Regulation (GDPR) kicking things into gear, most organisations do not recognise where their biggest vulnerabilities lie. Cyber security spending increases with demand, but management should focus on their ‘weakest link’ – people – and concentrate on educating staff and improving processes to ensure resilience.