Treat cyber as a business risk
If you want to treat cyber as another business risk, then it needs to be assessed and evaluated in a way that you can compare it to and aggregate its effect with other sources of business risk.
cyber risk
Risk-based cyber risk reporting
I encourage you to subscribe (free) to McKinsey’s frequent reports. Their latest, Enhanced cyberrisk reporting: Opening doors to risk-based cybersecurity has some good observations. Unfortunately, their ideas for addressing the problem don’t work for me.
Amazing insights on cyber
A couple of recent pieces shed some light, some amazing light, on how cyber-related risk is perceived by executives and the board.
