What is a cyber threat? It’s a simple enough question with a hundred different answers reported daily with increasing sensationalism by the media.

Where does it come from? Is it reclusive teenagers in their bedrooms? Is it Chinese or North Korean hackers? Or is it the people with the white masks?

What do they want to do? To attack critical infrastructure, steal company data or empty bank accounts? What is cyber, and what is the dark web?

It is human nature to gloss over the things we do not fully understand, to ignore or play down a threat in the hope it is never carried out.

Organisations that sensationalise these attacks and their impacts are also to blame, because we become desensitised to what is around us.

However, there are two key, impartial, indicators that we should recognise. The first is that the UK government is spending significantly in this area.

The second is that insurance companies are splitting cyber insurance from other types of risk, to protect themselves from claims from victims of cyber-related crime.

So what, as a business or organisation, can you do that is sensible and achievable?

The first step is to cut through the noise and understand the facts as they relate directly to you and your organisation.

You will have a unique threat profile that depends on what you do, where you do it, how you are funded and how you operate.

If information about your business is for sale on the dark web – content on the internet not visible using traditional browsers – you really ought to know, in much the same way that you should be aware if a particularly aggressive competitor has been targeting your clients.

The threat should be explained in plain English, with no acronyms, and be supported by evidence. It is not your job to understand the technology, but it is your job to manage real risks to your business.

Paul Boam is technical director of Net-Defence