What is cyber security?

Cyber security is the practice of protecting networks, applications, sensitive data, and users from cyber attacks.

Learning Objectives

After reading this article you will be able to:

  • Define cyber security
  • Explain why cyber security is important
  • Compare common cyber security threats and best practices

Related Content


Want to keep learning?

Subscribe to theNET, Cloudflare's monthly recap of the Internet's most popular insights!

Refer to Cloudflare's Privacy Policy to learn how we collect and process your personal data.

Copy article link

What is cyber security?

Cyber security is the practice of protecting networks, applications, confidential or sensitive data, and users from cyber attacks. Cyber attacks are malicious attempts by individuals or groups to gain unauthorized access to computer systems, networks, and devices in order to steal information, disrupt operations, or launch larger attacks. Common types of cyber attacks include, but are not limited to, phishing, malware (including ransomware), social engineering attacks, and denial-of-service (DoS) and distributed denial-of-service DDoS attacks.

Why is cyber security important?

Cyber security is important because it allows you to reduce risk so that businesses can remain operational, be good stewards of their users’ data and privacy, prevent revenue loss, and avoid regulatory consequences.

Cyber threats come in various forms, with different methods, targets, and purposes. Some of the most common threats include the following:

  • Malware is software designed to disrupt normal operations of a device, and can refer to a wide range of attacks like worms, Trojans, adware, or spyware.
  • Ransomware is a type of malware that locks computer files until the victim pays a ransom fee, with attackers’ goals ranging from purely monetary to taking the network offline.
  • Social engineering attacks manipulate victims into handing over sensitive information used for malicious purposes like fraud or account takeover.
  • Phishing attacks trick victims into sharing usernames, passwords, card numbers, bank account information, or other sensitive data.
  • DDoS attacks are malicious attempts to disrupt the flow of traffic to a server or network by overwhelming the targeted infrastructure with a flood of traffic, which renders them non-operational.

What is the impact of a cyberattack?

The impact of a cyberattack can be far-reaching and devastating for businesses. One of the most significant impacts is economic costs, as cyberattacks can result in the loss of revenue, increased expenses for remediation and recovery, and supply chain disruption.

Cyber attacks can also impact brand reputation. When organizations suffer a data breach or a temporary outage, their brand image may be affected — resulting in poor media coverage and the potential loss of current and future customers to competitors.

Additionally, cyberattacks can result in regulatory costs, as companies may face fines for failing to protect user data in accordance with data protection laws such as the GDPR or HIPAA.

What are cyber security best practices?

There are a number of cyber security best practices that can be applied for both individual people and organizations.

For individuals:

  • Use strong passwords
  • Do not reuse the same passwords for different websites or apps
  • Use multi-factor authentication or 2FA whenever possible
  • Avoid unsecure websites (many browsers will warn you if you are about to visit an unsecured website, or look for a padlock in the URL bar at the top to make sure the website uses TLS for encryption and authentication)
  • Do not download or open unfamiliar files or links
  • Know the signs of a phishing email

For business:

  • Enforce the above for all of your users
  • Have visibility into all infrastructure used in your organization, including shadow IT
  • Use DDoS protection to remain online
  • Use firewalls and WAFs to protect internal networks and external-facing websites
  • Encrypt and back up data
  • Find a third-party risk management solution to implement a Zero Trust approach.