Transitions are where gaps form, access lingers, tools misfire, and accountability vanishes. It’s the one moment where everyone assumes someone else has the wheel—and that assumption can cost millions. As a vCSO, your role during these transitions is clear: protect the organization from inherited liabilities and educate the C-suite on risks they likely don’t see coming. 

Every year, organizations spend millions on phishing awareness training, convinced that simulated phishing emails will turn employees into a human firewall. But new research tells a different story: traditional phishing training doesn’t just fail—it can actually make employees more likely to fall for phishing scams.

In 2024, AT&T became the face of corporate cybersecurity failure. Despite reporting $122 billion in revenue and nearly $20 billion in pretax profits, the company cut corners where it mattered most: security. In an attempt to streamline costs, AT&T trusted sensitive customer data to a third-party provider without enforcing essential protections like multi-factor authentication (MFA).