Generate summary with AI

By 2027, the cost of cybercrime is forecast to reach over $23 trillion worldwide.

No one is immune, from the individual consumer at risk of identity theft, to the US State Department and global conglomerates trying to ward off massive data breaches.

A quick look at Google Trends shows that searches about “cybersecurity” are rising steadily and picking up steam with every passing year.

In 2022, there were more than 800,000 cyber attacks in the US alone.

It’s no wonder that cybersecurity is a hot topic, with experts from academia, government, and the tech sector all weighing in.

But what are they saying about cybersecurity, what it means, and where it’s headed?

Take a look at this roundup of best cybersecurity quotes (including embarrassed responses by big names like Twitter and Facebook after suffering data breaches that compromised the data privacy of millions of users): 

Why cybersecurity matters (a lot)

1. “If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.” ― Richard Clarke, counter-terrorism expert

2. “It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.” ― Stephane Nappo, VP global CISO 

3. “Hackers find more success with organizations where employees are under-appreciated, overworked and underpaid. Why would anyone in an organization like that care enough to think twice before clicking on a phishing email?” ― James Scott, senior fellow, Institute for Critical Infrastructure Technology

4. “The importance of epistemic security and cybersecurity is now comparable to that of national security.” ― Roger Spitz, author and futurist

5. “Ransomware is more about manipulating vulnerabilities in human psychology than the adversary’s technological sophistication.” ― James Scott, senior fellow, Institute for Critical Infrastructure Technology

6. “If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders.” ― Dan Farmer, security researcher and programmer

7. “A boy taking his dog to a park

Used public Wi-Fi at a landmark

The wifi was faked

Using it’s a mistake

Accounts getting leaked is no lark.”

― Amanda-Jane Turner, author, Cybersecurity for Everyone: Demystifying Cybercrime

Facing the cybersecurity risk

8. “In a field whose purpose it is to focus on flaws, it can be easy to miss the wins. To only pay attention to the one time something went wrong, not the 99 times it went right.” — Dr. Jessica Barker, author, Hacked: The Secrets Behind Cyber Attacks

9. “One of the main cyber-risks is to think they don’t exist. The other is to try to treat all potential risks. Fix the basics, protect first what matters for your business and be ready to react properly to pertinent threats. Think data, but also business services integrity, awareness, customer experience, compliance, and reputation.” ― Stephane Nappo, VP global CISO 

10. “We started by protecting desktops and laptops. Then we moved onto protecting networks to keep the bad guys out. Now there is a need to design protection that works inside the network, mitigating both lateral movement and insider threats, as well as IoT and OT/IT protections as many OT environments are no longer air-gapped from the Internet.” Marc Solomon, CMO, ThreatQuotient

11. “When we conduct a penetration test on a system, we are not changing the state of the application with this inspection; rather, we are changing our uncertainty about the state of the application.” ― Douglas W. Hubbard, author in decision sciences and actuarial science

12. “Computer security can simply be protecting your equipment and files from disgruntled employees, spies, and anything that goes bump in the night, but there is much more. Computer security helps ensure that your computers, networks, and peripherals work as expected all the time, and that your data is safe in the event of hard disk crash or a power failure resulting from an electrical storm. Computer security also makes sure no damage is done to your data and that no one is able to read it unless you want them to.” ― Bruce Schneier, security expert and author

13. “It’s impossible to be completely protected from every vulnerability. That’s because the good guys must protect against every possible vulnerability, while the bad guys only need one small crack in a company’s armor to get in.” — Keri Pearlson, executive director of CAMS (Cybersecurity at MIT Sloan Research Consortium)

Corporate takes on cybersecurity events

14. “On April 3, Business Insider published a story saying that information from more than 530 million Facebook users had been made publicly available in an unsecured database. We have teams dedicated to addressing these kinds of issues and understand the impact they can have on the people who use our services. It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019.” Meta, on the 2019 Facebook data breach

15. “Attackers continue to wreak havoc by stealing data, holding companies ransom, disrupting business operations, and damaging organizations’ reputations. This year’s survey found that more SaaS incidents are being exploited, with 31% (up 5 points from last year) of respondents indicating that their organizations suffered a data breach. Fortunately, SaaS security is now getting the attention it requires. But initial deployment policies and ad hoc strategies don’t lead to repeatable best practices, collaboration, or the continuous vigilance required to maintain a robust and comprehensive SaaS security program.” ― AppOmni State of SaaS Security report

16. “Microsoft plays a central role in the world’s digital ecosystem, and this comes with a critical responsibility to earn and maintain trust. We must and will do more. We are making security our top priority at Microsoft, above all else—over all other features.” Charlie Bell, executive vice president, Microsoft Security

17. “We’re embarrassed, we’re disappointed, and more than anything, we’re sorry. We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice. We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right.” Twitter, on the 2020 account hijacking incident

18.

Elon Musk 

Where cybersecurity is going next

19. “The continuous adoption of cloud, continuous hybrid workforce, rapid emergence and use of generative AI (GenAI), and the evolving regulatory environment are forcing security and risk management (SRM) leaders to enhance their security and risk management spending. At the same time, they are focusing their efforts by adopting technical security capabilities that provide far greater visibility and responsiveness across the organization’s entire digital ecosystem and restructuring the way the security function operates to enable agility without compromising security.” ― Shailendra Upadhyay, senior research principal, Gartner

20. “Just as the Fourth Geneva Convention has long protected civilians in times of war, we now need a Digital Geneva Convention that will commit governments to protecting civilians from nation-state attacks in times of peace. And just as the Fourth Geneva Convention recognized that the protection of civilians required the active involvement of the Red Cross, protection against nation-state cyberattacks requires the active assistance of technology companies.” Brad Smith, vice chair and president, Microsoft

21. “Novices with little hacking experience can now use AI-generated phishing content, malware and more to target everything from individual bank accounts to power plants. Easier access to hacking tools is especially dangerous, as more physical devices and systems, from cars to toothbrushes to the electric grid, are connected to the Internet and open themselves up to attacks. The ‘Flipper Zero,’ a small device anyone can use to hack traffic lights, is an early example of the threat that amateur hackers can pose to physical systems.” Victor Benjamin, assistant professor of information systems, W.P. Carey School of Business,  Arizona State University

22. “As long as organizations worldwide continue to store troves of valuable personal data in unencrypted form in the cloud, individuals remain at risk of having their personal data stolen, exploited, and exposed. Beyond a loss in privacy, breaches can have significant real-life consequences for victims, often through financial loss, identity theft, or follow-on attacks that leverage the stolen data.” Professor Stuart E. Madnick, Ph.D, MIT, in an Apple-commissioned study

23. “The last year has brought a sharp rise in awareness that no one is immune to the possibility of a devastating attack. Not only that, but we’ve also seen the issue of dialing up cybersecurity begin to ripple through boardrooms as a business priority. This increased tension on the issue needs to persist as we map out the best practical pathway forward.” ― John Pescatore,  director of emerging security trends, SANS Institute

24. “Ransomware extortions have become a self-sustaining ecosystem of criminality. It is a thriving business because most victims are willing to pay relatively modest ransoms, which then fund further attacks. Paying a ransom may incentivize bad behavior, but a victimized company usually (and understandably) just wants its data back as quickly as possible.” — Matthew F. Ferraro, former intelligence officer and visiting fellow at NSI, George Mason University

25. “Ransomware attacks alone reaped record payouts in 2023 and are projected to cost the world more than $40 billion in 2024. Nation-states, major corporations, critical infrastructure providers, schools, hospitals and ordinary citizens have all fallen victim. The ubiquity of cybercrime has normalized what was once a niche threat reserved for high-value targets.” — Frank Cilluffo, McCrary Institute for Cyber and Critical Infrastructure Security, Auburn University and Joshua Whitman, interim deputy director of policy at the McCrary Institute

26. “It’s not an ‘if, it’s a ‘when’, right? [You] could be the next in line, you never know. Just because it’s not in the news, doesn’t mean it’s not an issue. You need to start preparing yourselves.” — Ajay Unni, founder of StickmanCyber 

Was this helpful?

Related Articles

65 cybersecurity statistics for data-based strategy in 2025

Read now

Password manager vs. browser-based: Why your browser isn’t enough

Read now

Why avoid flow monitoring in DDoS attack?

Read now

7 Common SNMP security vulnerabilities

Read now

Endless IT possibilities

Boost your productivity with Atera’s intuitive, centralized all-in-one platform