Can cyber security and IT have the same reports?