Rethinking Cyber-Risk Maxims

When addressing cyber risk mitigation, directors and officers must avoid relying on broad guidelines to understand what management processes best fit their organization. Like other corporate risks, cyber risk can be managed through a combination of avoidance, treatment, acceptance, and transfer mechanisms, but its complexity and evolving nature demand a more thorough assessment.

This article, published in the May/June issue of the NACD Directorship, addresses various maxims associated with cyber risk, and how to best translate those maxims into cybersecurity solutions that support an organization’s strategic risk management practices.