An old business adage holds that ‘you can’t manage what you can’t measure’. This is especially apposite in risk management. Banks have spent several decades and billions of dollars developing models to estimate potential losses from market and credit risks, but many chief information security officers (CISOs) confess to being unable to measure their exposure to cyber risk with anything like the same degree of accuracy.
“Wouldn’t it be great if CISOs had something like credit risk [modelling], w
The week on Risk.net, 14-20 April, 2018Receive this by email