How much cyber risk should an organization take?
I am interested in whether you share my views.
I also have some questions for you – after you watch the video:
- Should we be measuring cyber risk in relation to the potential effect of a breach on business objectives? Or should it be based on the effect on information assets?
- Do we know how to assess the level of risk?
- Are we doing a good job knowing how much risk we need to take to achieve our objectives? In other words, are we excessively risk averse or embracing of risk – and do we really know whether we are making the right business decision?
- Does it all come down to ROI, the cost and the value of additional investment in cyber prevention, detection, response, and remediation?
- Are we hyperventilating about cyber when there are more important risks to address?
I welcome your comments and answers.