Tag: risk

  • Reporting risk to the board – What not to do

    I have spoken with board members and it is clear that “C” levels are not reporting cyber risk to them in a meaningful way. Modern boards are tired of seeing traffic light reports. The reporting can no longer say – this risk is red but don’t worry – we have a risk mitigation plan. “I…