IT security is necessary but not sufficient. Information Assurance depends on all aspects of cybersecurity - physical, human and technological, as well as governance, risk management and compliance.
GDPR has been a game changer. It's not just about the increased fines. Now the focus is not only on privacy and confidentiality but on all aspects of personal data security.
Think like a hacker to protect yourself against malicious actors. It needs to be part of your security mindset all year round - not just when it's time for the annual pen test.