“In cybersecurity it’s never ‘no risk’. Unless you’re going to unplug the computer from the Internet and put it in a room with doors and no windows, it will always be at risk of compromise,” Burnette said. “Once you acknowledge this, your approach becomes, ‘What security posture can I get comfortable with that does what’s reasonable and prudent for the organization and our stakeholders?’”