There are many places in any business where the right choice may not be intuitively obvious. Further, there are certain decisions that may still be ok if the best available methods are not applied. Then in any business there are decisions that may not merit a thoughtful, comprehensive approach since too many other things need attention and the consequences are not extreme.
Cybersecurity risk is not one of these places.
By not choosing a comprehensive risk management platform, one that does not properly address probability or perhaps is not NIST-approved or goes without insurance-grade actuarial science, we are making a statement about the importance or diminished importance of cybersecurity risk. That may even be ok – for a while. Until the day when it’s not – and then unfortunately it’s simply too late.
We believe that getting serious about cybersecurity risk is the right choice. In the world of today, getting true data-driven protection around cyber risk is not only the right choice – it’s the wise choice. Going without a complete and functional risk management platform is now a choice. We urge you to choose risk management with the depth and insight to empower the organization to a radically better place ahead of these very costly risks now.