Interested in scheduling a demo or learning more about how we work?

By Ryan Dodd

May 23, 2019

F irms are increasingly recognising the importance of cyber security as a top business risk, but it continues to be managed as an isolated operational challenge that is the sole domain of the IT staff or chief information security officer (CISO).

In fact, the C-suite and boards of directors should be directly responsible for managing the risk in a top-down manner, considering that the actual technology value-at-risk to a company is potentially massive.

Unfortunately, most companies do not know the true cyber value-at-risk until it is too late. The C-suite and board often overlook a major risk such as cyber due to what behavioural scientists call “the ambiguity effect”: the tendency to avoid taking action based on a lack of information and a sense of the unknown. This can be seen in company approaches to cyber risk, as C-suites tend to delegate the management of the issue to IT staff rather than owning it themselves.

Read more — Download PDF (26Kb)