This is a hard one to answer because for some people, in some industries, the answer will be: yes, cyber criminals will be a massive threat to security (it's believed that the National Grid is under attack constantly from cyber criminals and terrorists). But for others, mistaken, rogue or malicious insiders will be a bigger threat than unknown people in far away places. But neither route can be ignored by organisations who value their reputation. The layered approach favoured by GCHQ means that approach is holistic. We focus on protection beyond the perimeter. We advocate a robust and risk-savvy cyber security defence system based on protection and detection rather than mere traditional prevention. We recommend a series of IT and data security measures which makes life difficult for any cyber attackers who do get inside the perimeter, and which reduce the impact of the careless or malicious insider too. And we have a series of digital forensic technologies, which can prove compliance and track criminal activity. It will help you identify your weaknesses and make your protection stronger in the future too.