As the first quarter of 2021 comes to a close, cyberattacks are only gaining momentum. As we reported last month, these attacks have become big business for threat actors, and companies are working hard to be prepared. Taking stock of potential risks – and risk management techniques – can be a useful exercise in this environment. For this, tools from change management can help. Change management, particular sustainable change management, teaches us not to jump head-first into action, but first to take stock of what actions will be most helpful.
To mitigate cyber risks, several actions of course are useful, and indeed several are required by data security laws. These include identifying and preparing for known risks, updating policies, implementing operating procedures to execute on those policies, strengthening internal controls and auditing compliance. These steps can help with both preventable risks -i.e., those that are internal and controllable; or are strategic – i.e., risks that one might be willing to accept for some benefit. However, those are only two of three types of risk, according to management theorists Robert Kaplan and Anette Mikes.[i] The…
