This article is part of Spiceworks’ Recalibrating Risk Tolerance series investigating the contemporary landscape of cybersecurity risk.
As cybersecurity threats continue to grow in frequency and intensity, one of the most important steps a company can take in response is to accurately establish its risk appetite. This means determining the amount of cyber risk the company is willing to accept to achieve its strategic goals, and the steps needed to develop a successful program overall.
Simply stated, risk appetite in the context of IT refers to a business’s willingness to leave some of its assets exposed to cybersecurity threats, the degree to which it opts to expose them, and the potential impacts of that exposure. No organization can fully protect all of its assets all the time. IT and business leaders therefore need to be realistic about which data and which systems they choose to defend best.
Establishing a risk appetite is a high-level decision made by senior leadership. It determines how funds are invested in cybersecurity and how resources are allocated. Formal programs typically…