Explained Simply
Courts, insurers, and regulators don’t care how hard you tried—only whether you met the standard of care.
The Myth of “We Tried Our Best”
In the early days of cybersecurity, it was enough for schools, cities, and businesses to show they made an “honest effort” to protect sensitive data. Budgets were limited. Threats were new. And few people truly understood the risks.
But times have changed.
Today, claiming you “did your best” isn’t just weak—it’s dangerous. In the eyes of the law, good intentions don’t protect you from negligence.
But times have changed.
Today, claiming you “did your best” isn’t just weak—it’s dangerous. In the eyes of the law, good intentions don’t protect you from negligence.
“Best Effort” Isn’t a Defense—Here’s Why
Courts, insurance companies, and regulators now expect your cybersecurity program to be:
Even if your team worked overtime, if you missed basic controls (like multi-factor authentication or patching known vulnerabilities), your “effort” won’t hold up.
- Aligned with recognized standards (like NIST, ISO, or CIS)
- Aligned with industry frameworks (like NIST CSF, CJIS, PCI, etc.)
- Continuously improving
- Documented and risk-based
- Comparable to peers in your sector
Even if your team worked overtime, if you missed basic controls (like multi-factor authentication or patching known vulnerabilities), your “effort” won’t hold up.
Real-World Example: The City That Got Sued
In 2023, a mid-sized U.S. city suffered a ransomware attack that shut down emergency services and payroll systems. City leaders claimed they had tried to improve security, citing recent software purchases and a few staff trainings.
But internal emails showed they had ignored key recommendations—like replacing outdated firewalls and backing up systems offline.
The result?
But internal emails showed they had ignored key recommendations—like replacing outdated firewalls and backing up systems offline.
The result?
- The city lost access to its data for weeks.
- Cyber insurance only covered part of the damage.
- Taxpayers are still footing the recovery bill.
What Replaces “Best Effort”? Measurable Progress "Intent"
Today, you’re expected to show:
This is especially true for public sector leaders like school superintendents, city managers, and IT directors who often sit between shrinking budgets and growing threats.
You don’t need to be perfect. But you do need to prove that you’re acting responsibly, strategically, and defensibly.
- A clear understanding of your cyber risks
- A roadmap for addressing gaps
- Evidence of action—not just policy
- Benchmarking against sector peers
This is especially true for public sector leaders like school superintendents, city managers, and IT directors who often sit between shrinking budgets and growing threats.
You don’t need to be perfect. But you do need to prove that you’re acting responsibly, strategically, and defensibly.
The Minerva Platform: Built for Real-World Accountability
At V3 Cybersecurity, we created the Minerva Cyber Risk Management Platform for organizations that can’t afford to rely on “best effort” anymore.
With patent-pending technology, Minerva:
Whether you’re preparing for a board meeting, responding to auditors, or recovering from an incident, Minerva ensures your effort is measurable, defensible, and aligned with industry standards.
With patent-pending technology, Minerva:
- Turns cybersecurity frameworks into plain-English task lists
- Assigns risk and budget priority to each gap
- Tracks progress over time with dashboard and audit reports
- Benchmarks your maturity against similar organizations
- Helps you prove—on paper—that your team acted reasonably and defensibly
Whether you’re preparing for a board meeting, responding to auditors, or recovering from an incident, Minerva ensures your effort is measurable, defensible, and aligned with industry standards.
Don’t Let “We Tried” Be Your Last Line of Defense
See how Minerva transforms “best effort” into a repeatable, defensible cybersecurity program—built for today’s legal and operational realities.