Ransomware attacks underscore that cybersecurity is a business issue, not an IT issue