Expert Opinions: Frequency of Reviewing Your Cyber Risk

Recently, IDG TECHTalk hosted a Twitter chat on “Risk Management in the Enterprise” and asked experts to chime in on several questions. One question in particular fueled many responses: “How often should businesses review their cybersecurity risk, and should it be done more frequently, less frequently, or at the same cadence as other risks like regulatory changes, natural disasters, or economic risk?”

The experts’ opinion was unanimous and almost everybody agreed that if you are not reviewing your cyber risk as a continuous activity, you are leaving your organization open to breaches.

Here are a few answers from folks who joined the chat:

From Mike D. Kail (@mdkail)

“Managing and mitigating #cybersecurity risks should be a continuous process, not a periodic ‘tick the box’ activity.” #Compliance = #Security

From Ben Rothke (@benrothke)

“Big mistake regarding annual reviews, if methods are the same used 10 years ago, you need a major update.”

From Arsalan Khan (@ArsalanAKhan)

“All the time and be paranoid about it. If you are paranoid about #cybersecurity then you will greatly be appreciated by your customers eventually.”

While there were several…
