If we think the headlines, with news of major organisations getting breached, shocked us, we will learn that large organisations have poor cyber security hygiene, are not meeting regulations, and are failing to enforce the policies they developed, recommend, and enforce on others. Next year’s news will have even more high-profile names.