Risk is an inherent part of doing business. For any organisation to operate successfully and meet its objectives, it needs to address risk and respond proportionately and appropriately, to a level consistent with its risk appetite. Failure to identify and manage risk can lead to business failure.
Risk assessments are very broad and usually quite subjective in their nature. In our experience of assisting companies, Boards tend to have a well-established risk register which covers the obvious and significant risks to the organisation. But what of Cyber risks?
The same risk assessment processes need to be applied to identify the Cyber risks and how they are to be treated. But where to start?