Cyber Risk: Where We Have Been, Where We Are and Where We Are Going

Mark Clancy

INTRODUCTION

Cyber risk management is a young discipline in every possible way. The terminology is not very old, the hazards are still evolving, and the metrics and models are maturing. Cyber risk management is a subset of technology risk management practices that have evolved since information technology (IT) systems started performing functions that had outcomes that actually mattered to a non-technologist.

We will examine how cyber risk management has evolved as the nature of the threats and the consequences of impacts have changed over time, as well as how risk management frameworks came into existence. There are three intertwined notions that have driven the development of cyber risk management approaches. The first is the evolution of adversary motivations, from curiosity, to profit, to exercising might. The second is the adversary motivation, stressing the three legs of the confidentiality, integrity, availability triangle. The third is the perspective shift in the focal subject of the cyber risk management assessment, moving from systems, to networks, to business outcomes. The past and present of cyber risk management have been a lagging indicator in that the discipline has evolved
