Many years ago, my friend Ed Hill, a Managing Director with Protiviti at the time, coined the expression “there is no such thing as IT risk. There is only business risk.” Yet, people still talk about quantifying cyber risk in a silo. They talk about “risk to information assets” instead of risk to the achievement […]
