Great question, and again it is back to the people aspect of it: Every cyber initiative need to spend a significant amount of effort time and money on people for awareness, communication, operating model…

On top of awareness I would say every awareness initiative needs CEO board director’s attention on a continuous basis. And I can tell that this is what we are having at Schneider Electric. But more than that it has to be a mechanism in place in the company.

For example we have a yearly mandatory training for all employees. Second with our IT/ OT initiative we have specific training for specific population. For example in our factories, in customer facing organization with cyber badge…

So here it is a full awareness approach that we have with people and It has to fit with your strategy, with your priority and it comes of course with reality check to make sure that the awareness effort that is done is paying at the end of the day.

Because at the end of the day we need to make sure that it’s not just about awareness, it’s about learning and as a CISO, as a cyber leader in the company, as a manager, I need to make sure that the company is learning from everything that is happening either externally either internally from incidents, from situations with customers…

So we need to learn because we have a lot to learn In every area especially in IT/OT and in digital.