A couple of key items to consider in developing a cybersecurity strategy.
1. Are you following a cybersecurity framework that best aligns to the mission of your business? ISO 27001, NIST or NIST CSF?
2. Do you have a current, accurate and complete IT asset inventory (including OS, firmware, and applications)?
A current topology diagram that not only depicts the IT architecture but also the flow of information to and from the organization.
3. Do you have a full understanding of the business's mission critical functions? And the business's future objectives and goals? What areas is the business willing to accept / manage risks.
Having this information, will give you a high overview of the "as-is" status and good start towards organizing a "to-be" status and importantly resourcing a cybersecurity strategy.
Hope this helps. All the best.