Managing the risk appetite between departments
For this reason, security policies need to allow for the acceptance of a certain level of risk in order to maintain cohesion within the organisation. Security breaches can and do happen¹, and just as important as preventing them is having an agreed process in place to deal with them when they occur, based on an understanding of what’s involved.
Risk management should be part of a holistic program to assess risk appetite, apply risk management principles and, finally, educate the business that a realisation of a risk is not a failure but a validation of an agreed process.
¹ Exclusive articles by CNBC cover BCG's annual Most Innovative Companies report.