The current situation in many organizations is siloed operation across coexisting digital functions, often lacking a unified tactical approach to risk management, which in turn drives performance, regulatory and organizational compliance management, legal management, audit management, third-party risk management, digital risk management, and business continuity management.
Peter Drucker’s famous quote “you can’t manage what you can’t measure” is a key to solving this situation. However, the CEO of Corporater, Tor Inge Vasshus, once said “you can’t manage what you can’t describe” to help executives complement their metrics and get to a deeper understanding of their business.
To bridge the communication gap for cyber risk, you must start by describing your digital assets, assigning responsibilities, valuing them, assessing their risk using a Value-at-Risk (VaR) approach, and then adding a comment from a subject-matter expert (SME) to complement your metrics. Here are a few examples of metrics you should consider monitoring holistically:
The ability to recover from a cyber attack, expressed as cyber resilience in a business continuity management (BCM) context
The value of your assets
Effectiveness for risk and compliance management
Effectiveness for assurance
This is an excerpt from the thought leadership article “Cyber Threat Risk Management in the Era of Digital Transformation”.