As the nature of IT security threats evolve, the difference between an organisation susceptible to a catastrophic incident, and an organisation that is resilient in the face of sustained attacks, will be sound practices, good tools, an excellent culture and a trusted security partner.