The past decade has seen a significant advance in cyber risk assessment maturity. There has been wide recognition that security and risk frameworks provide excellent process for assessing risk, but miss out on defining exactly how to compute and communicate risk. Increasingly, corporate boards have been asking for quantitative measures of cyber risk, similar to what other disciplines in the organization have been doing for a long time (e.g. measuring financial impact). Instead of being content...
Read the full article