Developing a Framework and Methodology for Assessing Cyber Risk for Business Leaders

Abstract

Cyber Risk is in fact an existential threat to modern business. In order to effectively deal with cyber risk it must be explained in terms of overall risk theory and frameworks enabling better decisions regarding cyber risk. This paper develops a more effective and unified approach to risk enabling better cyber risk decisions. It provides an overview of the concepts and theories of risk that prevail as well as a framework for decision making that can be applied to cyber risk. This framework is unique in that it provides practical tools for decision-making and a conceptual model tying cyber risk to broader risk. Based on this framework, a database tool was applied and tested across 20 industry verticals.