Failure to Link Cyber Risk to Corporate Objectives

cybersecurity risk management smallbusiness Aug 12, 2022

Unfortunately, for various reasons, a large percentage of cybersecurity risk assessment work done in many different organizations, including small and midsized businesses, fails to tie to specific organizational objectives.

Executives must be aware of which of the organization’s most important value creation and value preservation objectives are likely to be impacted by the lack of cybersecurity mitigation. In some extreme cases, the communication to executives by cybersecurity risk assessors is that having high levels of computer security should be an objective; however, the recommendation fails to provide linkage to impacted organizational objectives or a cost-benefit analysis.

Senior leaders and boards, for that matter, are challenged to decide how much of the organization’s limited resources should be dedicated to cybersecurity without high-quality information to assess which organizational objectives will be impacted by the lack of mitigation.

Was your cybersecurity strategy developed with a mission-based risk impact on the organization? Or is your cybersecurity team trying to boil the ocean? Do you assign a dollar amount to your risk rating?

Any level of quantitative risk is better than most qualitative or expert judgments.


*** FREE GUIDE ***


Author: Dr. Bill Souza | Aug 12, 2022 


Want Helpful Cyber Risk Tips Every Week?


You're safe with me. I'll never spam you or sell your contact info.