Talk is cheap — what we need is more action [Commentary] The current threat level of a cyberattack is always the subject of lively debate, and this is no more the case when you look at general private sector security and what is being portrayed in the more sensitive space. There is the clear side of the debate that examines attacks on sensitive systems that rise to the level of a national security threat; and the general private sector side of things that deals with the general systems that don’t rise to that level. For years now, those of us with one foot on each side have been concerned about the difference in the view of the current state of cyber insecurity. Recently, headlines appeared that finally make it look like cyberthreat views are coming together. Symantec, one of the major players in cybersecurity, recently caught the attention of many people. Their CEO is quoted as saying America has a “cybersecurity crisis.” He went on to say that “39 percent of North Americans have been affected by cybersecurity crime in the past year alone.” One cyberthreat indicator that supports these statements is that on average there were more than 2.3 phishing attacks per minute in 2016. Now add the opening remarks by Sen. John McCain, R-Ariz., at the March 2 hearing on cyber strategy and policy where he acknowledged that “Threats to the United States in cyberspace continue to grow in scope and severity. But our nation remains woefully unprepared to address these threats, which will be a defining feature of 21st century warfare.” This is well worth a read or listen! Once again we recognize the problem, but a solution remains elusive — at least at this point. More action is what is needed; we have had plenty of talk!