Cyber risk management: leadership’s responsibility

Maeve Dion

Leaders are the chief risk managers of any organization. Decisions about new products, markets, suppliers, etc., come down to leadership’s priorities regarding risk.

Leadership holds topmost responsibility for cyber risk management.

Yet many leaders – while experts in their own domains – have little experience in articulating how their risk preferences should influence the organization’s use of technology.

This article helps situate cyber risk management as a leadership responsibility, no matter the leader’s cyber experience.

Definitions

The ISO 31000 standard defines “risk” as “the effect of uncertainty on objectives.” Under this definition, risk can result in positive effects (e.g., succeeding with an expansion into new markets) or negative effects (e.g., failing to build sufficient layers of guarantees in a new vendor contract).

When we think about “cyber,” we often mean those technologies that:

  • encompass information & network activities, control systems, and all future evolutions of science;
  • enable our economic, governmental, and societal activities; and
  • act as a conduit or facilitator of actions that can cause harm in our physical…
