As the digital landscape evolves at breakneck speed, so too do the risks businesses face. Cybersecurity is no longer the sole domain of IT departments; it has become a boardroom-level concern that can make or break a company’s future. To shed light on these evolving threats, I interviewed Danny Jenkins, CEO of ThreatLocker, a leading provider of endpoint protection and zero-trust solutions. We discussed why CEOs must take cybersecurity seriously, the most common attack vectors, and how artificial intelligence is reshaping the threat landscape.

Why should CEOs care about cybersecurity today?

Twenty years ago, cybersecurity was largely an IT problem — about fixing malware-infected machines. But today’s attacks are business attacks designed to extract money, either through ransom demands or by stealing and selling sensitive data. When your files are encrypted, and a cybercriminal demands €500,000 to unlock them, it becomes a company-wide crisis. It does not matter if you are a dental office, a car dealership, a manufacturer, or a bank — attacks happen across the board. In the US, for example, a company is hit with ransomware every 11 seconds. Cybersecurity is now a CEO-level issue, not just an IT matter.

What are the biggest cyber risks companies face today?

First and foremost is spear phishing. This is where an attacker intercepts legitimate email conversations and manipulates them, for example, by changing payment details on an invoice, leading to potentially catastrophic financial losses. The second major threat is ransomware. Attackers may gain access to your network via a malicious link, a downloaded attachment, or an open port. Once inside, they move laterally, collect data, exfiltrate it, and then encrypt your files — often over a holiday weekend when staffing is low. The ransom amounts I have seen typically range from hundreds of thousands to millions.

Why do some leaders still overlook cybersecurity?

In industries like banking, leaders are very aware of cyber risks. But in sectors like manufacturing or healthcare, many executives began their careers before IT became critical to business operations. They often view technology as a cost centre rather than a strategic asset, and they may not fully grasp the modern risks. Unfortunately, that gap in awareness can have serious consequences.

What key questions should CEOs be asking their IT teams?

First: Are we blocking untrusted software for all users? That is a major factor in preventing ransomware.

Second: Do we have multi-factor authentication (MFA) enabled on all email accounts?

Third: Are we conducting external penetration tests on our firewall?

I would also recommend CEOs perform some simple tests themselves. For instance, try logging into your email from home. If it does not prompt a second factor of authentication, that is a red flag. Or try downloading and running TeamViewer — if it installs without resistance, your environment likely lacks proper controls. Beyond that, I bring in external experts regularly to test our own systems.

What are some common cybersecurity mistakes companies make?

The number one mistake is believing you are secure. In cybersecurity, complacency is dangerous. Even at ThreatLocker, where we have extensive protections, we remain constantly vigilant.

Four common technical pitfalls are:

Allowing untrusted software to run.

Failing to implement MFA.

Keeping old, unused accounts active.

Neglecting to run regular penetration tests.

Any of these can open the door to a serious breach.

Can you explain zero trust in simple terms?

The default mode for most computers is to implicitly trust software — if it is not flagged as bad, it can run. Zero trust flips that model: only software that the business explicitly allows can run. It is about controlling what software operates, limiting network access, and ensuring that employees only have access to the resources they need. For instance, someone managing the company’s cameras doesn’t need access to payroll data. The principle is the least privilege applied across the entire environment.

How is AI making it easier for cybercriminals to attack?

AI is lowering the barrier to entry for attackers. Three years ago, phishing emails were often riddled with spelling and grammar mistakes. Today, anyone can use AI tools like ChatGPT to write flawless, convincing emails — in any language. AI also makes it easier to generate malware. Previously, you needed programming skills or had to buy malicious code. Now, you can instruct AI to help build tools that can aid in data theft or remote access, even if the AI platform enforces certain safeguards. This dramatically increases the number of potential cybercriminals.

Finally, tell us about ThreatLocker. What does your company offer?

We provide a platform that secures endpoints and cloud environments. It allows businesses to see exactly what is running in their environment and what those applications can access. For example, you might discover that a seemingly harmless browser extension has access to your passwords. ThreatLocker learns which applications your business needs and blocks everything else. If someone tries to run new ransomware, it simply won’t execute.

Our platform also includes website filtering, traffic interception, endpoint detection and response (EDR), and a 24/7 managed Security Operations Center (SOC). We monitor systems around the clock, especially during vulnerable times like weekends. Currently, we protect more than 54,000 organisations globally — including banks, hospitals, and manufacturers.

For CEOs, we offer a white paper called Less Hackable on our website. It outlines ten practical steps for hardening your environment — a great starting point for business leaders who want to understand what good cybersecurity looks like.