Proper cybersecurity in an organization must have a foundation.
The effective approach is driven from the top to mandate integration of cybersecurity in the business process. This is in the form of Policies and enforced via corporate governance.
Underneath the policies, various domains in risk management, policies exceptions, technology standardization, secure architecture, secure system deployment, procurement specification, incident respond, recovery, business continuity and workforce development are the pillars.
Without a sound foundation, the object in the air will fall, just a matter of when.