eBook – Industrial Cyber Risk Management

"Cybersecurity risk should always be considered within the business context"

The definitive goal of a cyber risk process is to eliminate risk to the extent possible by ascertaining which risks must be addressed and mitigated and which risks management is willing to live with. This goal requires the development of a clear strategic methodology to determine and communicate the risk appetite; analyze and prioritize cyber risks and vulnerabilities; and establish a well-defined mechanism for mitigating the risks to be addressed. This is an organizational mission and not something that individuals or select teams can achieve.

The articles in this eBook cover a range of interesting topics, from thinking like an adversary to changing existing relationships with cyber risk to concrete OT zero-trust mitigation strategies that can be rolled out. I believe the key message that cuts across all this great content is that not every vulnerability needs to be mitigated and not every patch applied. The challenge is to identify and categorize the cyber risks to determine the correct actions.

Every company will have a different risk appetite, and therefore, a different strategy and set of mitigation playbooks. In the end, a risk-based approach will enable industrial organizations to apply their resources most effectively and treat cybersecurity as a business decision. 

Jonathon Gordon, Directing Analyst, Takepoint Research
