Executive Summary
The methods for measuring cyber risk have evolved in recent years, but they still skew technical and narrow — truly effective cyber ratings must be holistic assessments that consider technical analysis, governance, culture, and the financial impact of adverse cyber events. To bridge the gap, company leaders need to learn how to interpret what the assessments and their underlying components really mean for them. Becoming literate in cyber risk doesn’t mean that every executive needs to be a technical expert, however. What it does mean is that they need…