Cybersecurity people like to say that there are two types of organizations—those that have been hit and those that do not know it yet. Recent headlines should prove that this joke is largely true. Cybercriminals stole the credit-card information and personal data of millions of people from companies that included Target, Home Depot and JPMorgan Chase. Security researchers discovered fundamental flaws in Internet building blocks, such as the so-called Heartbleed vulnerability in the popular OpenSSL cryptographic software library. A massive data-destruction attack sent Sony Pictures Entertainment back to using pen and paper. Criminals accessed the data of more than 80 million customers of health insurance giant Anthem. And these are just the incidents we know about.