Cyber is easy - simply no direct connect to the internet. Anything less is effectively nothing. Anything more is not needed.
Not that easy. I worked for a company that did just that. Air gapped completely. We sneaker netted the web orders, etc. back and forth between the internal system and the outside world. Huge pain in the ass, but secure.
When we had to be certified as PCI compliant by our auditors, they wouldn't. Said that the air gap was a security risk! Made us connect and go through the hoops with more firewalls, et al., to be certified so we could stay in business.
I will NEVER believe that they are more secure now than before. We checked the sneakernet data for SQL injection, ran AV, limited removable media to a few trusted and audited employees and so forth. But in the end, we had to get that PCI cert or our bank would refuse to do business with us.