In Part 3 of our exploration of the state of cybersecurity — Part 1 examined the basics of business security, including the core functions (Identify, Protect, Detect, Respond and Recover), while Part 2 addressed the growing and evolving threat environment — we find that the size of your organization doesn’t matter when it comes to risks. The ugly truth is that all organizations are vulnerable, particularly small and medium businesses, which do not offer the financial potential of larger organizations, but also have neither the skills nor resources of wealthier targets.