A company’s cyber security program needs to encompass not only the Firm as a whole, but every employee. Everyone in the company is responsible for the risks they undertake. This requires an active process—just like physical wellness programs in which the company takes an active approach to promoting and maintaining employees’ good health. So, too, with CyberWellness: proactive choices need to be made across multiple dimensions serving cyber defense, response, and governance.