13. State the consequences of not considering cyber security during the design phase (AC 3.3)

If cyber security isn't thought about during the design phase, businesses are left playing catch-up. This means dealing with attacks as they happen or after the damage is already done, instead of stopping them before they even star. The problem is, by the time an attack is noticed, it's often too late. The damage is done, and without a solid plan in place, the recovery can be slow and painful. Sadly, many businesses only wake up to the importance of cyber security after a breach has already occurred. By then, the opportunity to build a security into the system from the ground up is gone, and what's left is patching holes in a broken wall. This approach isn't just risky - it's inefficient. A system designed without security in mind is harder to protect and maintain, and it's less effective overall. It's like trying to add seat belts to a car after it's already been built. Sure you can do it, but it's not going to be as safe or as seamless as if they were included from the start. There's also the issue of confidence. If a business's cyber security isn't up to par, it can lead to hesitation and fear of innovation. For instance, they might shy away from adopting new technologies like AI - even it those tools could greatly improve their operations - because they're worried about security risks. In the long run, this kind of reluctance can hold a business back, keeping them from growing and staying competitive in an ever-evolving digital world.