The potential business revenue from rising compliance requirements and security threats is hard to ignore. The increasing press coverage of ransomware attacks and fines for non-compliance is driving awareness and urgency. Even the slow adopter business owners and managers know something needs to be done to limit their corporate risks and individual exposure, and time isnt on their side.What tools are necessary, how to integrate it into the IT services offering, how to market it? What are the best ways to go about developing sound cyber-security policies and practices in 2018 that could be used for commercial gain as well as internal commercial security? Here are some recommendations.