Should Organizations Be Operating Outside of Their Risk Appetite?

Business opportunities around the world have increased significantly as the online presence of individuals and businesses has increased during lockdowns enforced due to the novel coronavirus pandemic. But with added exposure comes added risk, and organizations should know where to draw what may be a new line in their risk appetite profiles, so they can maximize the benefits and weigh the amount of risk they are willing to take in the pursuit of their business objectives.


The worldwide lockdown of establishments due to the COVID-19 pandemic has caused a spike in online activities as more and more individuals work from home and organizations embrace new challenges in managing business and information security. Consequently, cybercriminals are also having a field day, leveraging the trending news on the pandemic to spread spam, malware and sophisticated attacks targeting individuals and businesses alike.


Understanding Risk Appetite


ISO 31000 is a family of standards relating to risk management codified by the International Organization for Standardization (ISO). This framework defines risk appetite as the amount and type of risk that any business organization is prepared to take, retain or pursue to achieve the objectives of its strategic plan.


Fundamentally, cyber risk appetite is the level of tolerance that an organization has for risk. It has two aspects. The first is understanding how much risk the business entity can take. The second is the budget that the organization is willing to spend on managing that risk.


These aspects of managing risk in accordance with business objectives are heavily ..
