I have been talking (and writing) for a long time about the sad reality that leaders of organizations around the world see risk management as something they have to do rather than want to do.
I encourage you to subscribe (free) to McKinsey’s frequent reports. Their latest, Enhanced cyberrisk reporting: Opening doors to risk-based cybersecurity has some good observations. Unfortunately, their ideas for addressing the problem don’t work for me.
You may be surprised to hear that the average cost of a data breach is just $3.9 million. That sounds far different than indicated by the alarm bells screaming at you from all sides.