Cyber policies are extremely important as they go over most of the cyber coverage gaps that are in the security force. Cyber attacks are exponentially increasing every day and it has become ever more crucial for organizations to meet and discuss if the policies and infrastructures they have are enough to protect the organization. Besides having insurance to help cover the costs of smaller attacks, it is fairly difficult to develop a universal policy to apply since the cyber world is evolving every day. Other than the fact that this system is constantly evolving, it is a difficult topic to discuss and understand especially to those who aren’t in a related field of work. To accurately develop these policies, you must also be able to understand and take into account risk assessment. There is a whole myriad of factors that must be considered. Customer data, employee data, company plans, government secrets, etc. Of course, all information is important but HOW important is the data You have at your disposal? Unfortunately, most companies seem to only care about what is happening during the attack not how to prevent it. Since most attacks are very unpredictable and erratic, companies see this as an opportunity to have a good response instead of a good defense. The costs for these attacks, however, can reach from the thousands to the tens of thousands to the millions and billions. Look at SolarWinds for example. Poor preventative measures resulted in a huge hack resulting in personal information being leaked and sold on the black market. In the end, it is still too difficult to create a policy or infrastructure than can perfectly match all objectives. Organizations need to be able to evolve with the evolving cyber space to stay secure and successful. They can do this by constantly educating themselves on the issue that is cyber security.