Despite all the innovations in security products and growing attention to cybersecurity, many organisations continue to fall victim to cybercrime. This presentation analyses the reasons for the persistent vulnerability of typical companies in the German-speaking upper midmarket. It highlights key factors such as typical attacks, inadequate security and monitoring infrastructures, typical configuration challenges, and the complexity and constant evolution of cyber threats that lead to "shiny object syndrome", and it explains how to avoid that syndrome. The presentation concludes with the measures organisations should take to strengthen their defences and the investments that make sense.