A Proposed Business-Oriented Approach to Cyber

David Leigh

Approaching cybersecurity as a technical problem and leaving it to technology people to achieve it has produced acceptable results in the past. Now, all of our business processes are underpinned by electronic data, which is exchanged at the speed of light using interconnected networks that are based on inherently insecure core technologies. In this chapter we will:

  • describe why achieving a sufficient level of cybersecurity is important to every organisation;
  • examine why a technological approach is no longer adequate;
  • describe a business-oriented approach to cybersecurity; and
  • provide steps for how to carry it out.

Sustaining cybersecurity risk to an acceptable level requires an effective process of prioritisation, action, monitoring and measurement.


It is extremely rare outside of the emerging-markets regions to find a business process, activity, project or interaction with a client, business partner, service provider, etc (ie, law firm, accounting firm, consultant, market intermediary, third-party administrator, portfolio company, outsourced business partner, supplier, customer/their supply chain, etc) that is not underpinned by digital
