A cyber security strategy is about recognizing current threats, being aware of risks or vulnerabilities based on the harm to the organization or system, assessing the impact on safety and property, and protecting against liabilities through proactive measures, preventative actions and responses. A cyber security strategy provides proper documentation and training with staff to protect against liability issues such as negligence, lack of due diligence and foresight or not meeting regulatory compliance requirements that can lead to fines or penalties.