Cybersecurity risks are now a key part of the ERM process. Here’s how infosec professionals should talk about cybersecurity risk and assess its impact.
Enterprise risk management (ERM) is the process of assessing risks to identify both threats to a company’s financial well-being and opportunities in the market. The goal of an ERM program is to understand an organisation’s tolerance for risk, categorise it, and quantify it.
When companies look at enterprise risk, the traditional approach is to look at financial risks, regulatory risks and operational risks. What happens if the exchange rate drops and the interest rate rises, if new drugs don’t get FDA approval, or if your main warehouse burns down?
By Maria Korolov