Understanding cyber risk management vs uncertainty with confidence in 2017
Every organzation faces uncertainty and this is often a key challenge in achieving its objectives. Much of this uncertainty comes from an inability to accurately predict future events.
Generally, we can define a potential future event that could affect an organization’s objectives as a ‘risk’ and the process of forecasting and responding to these potential future events as ‘risk management’. Many existing risk management methodologies attempt to improve the process of understanding and responding to potential future events.
The first decision for an organization will be how much risk management to do to strike the right balance between the amounts of effort spent on risk management activity versus the benefits brought about by the insight it provides.
In this paper we will use a set of definitions that have been used by many organizations to effectively manage risk, explore the concepts around the topic and suggest how organizations can evolve their thinking about cyber risk while also outlining some challenges.
Published date:  01 December 2017