The First Step in Managing Cyber Risk: Understanding Your Organization's Tolerance for Risk

As an executive, you are tasked with protecting your organization from all sorts of risks.

Some of these risks, like product recalls or data breaches, can come with a hefty price tag. Others, like reputational damage, can be more difficult to quantify.

But one thing all risks have in common is that they must be managed.

And the first step in managing any risk is understanding your organization’s tolerance for it.

When it comes to cyber risk, this means understanding the potential financial, reputational, and operational impacts of a breach or attack.

It also means understanding the likelihood of such an event happening in the first place. Only then can you begin to put together a plan for managing that risk.

Here are some questions you should ask yourself as you start to assess your organization’s tolerance for cyber risk:

STEP 1: 5 Questions You Need To Ask…

  1. How much would a data breach or cyber attack cost our organization?
  2. What is the likelihood of our organization being targeted by a cyber attack?
  3. How would a cyber attack or data breach impact our reputation?
  4. Are there any regulatory obligations we need to take into consideration?
  5. How would a cyber attack or data breach affect our operations?

Answering these questions will give you a better sense of your organization’s overall tolerance for risk.

From there you can start to put together a plan for managing that risk.

But don’t forget that cyber risk is always changing, so your plan will need to be updated on a regular basis.

Managing cyber risk can seem daunting, but by understanding your organization’s tolerance for risk you can create a plan and regularly update it.

Do you have questions about managing Cyber Risk?

Let us know in the comments and we’ll do our best to help.

Recommended Resource:

Are you interested in learning about the latest trends in Cyber Risk Governance?

Join us for our upcoming LinkedIn Live event, where we will be discussing exactly how you can change the narrative around GRC in your organization.

We’ll be sharing the most significant insights from our recent series of private Cyber Risk Governance LinkedIn Group member Roundtables.

You’ll walk away from this event with a better understanding of how to win the “Acronym Battle” between technologists and governors plus how AI automation can eliminate GRC and Technical Controls errors and reduce MTTD by up to 83%.

Register now via the link below to join us for this one-off live event!