 |
The methods for measuring cyber risk have evolved in recent years, but they still skew technical and narrow — truly effective cyber ratings must be holistic assessments that consider technical analysis, governance, culture, and the financial impact of adverse cyber events. To bridge the gap, company leaders need to learn how to interpret what the assessments and their underlying components really mean for them. Becoming literate in cyber risk doesn’t mean that every executive needs to be a technical expert, however. What it does mean is that they need to be able to establish their company’s tolerance for cyber risk, define the outcomes that are most important to their business to guide cybersecurity investment, and be able to foster a culture of cybersecurity and resilience. |
