Board members weigh how the company is assessing the impact of cyber risks.
Cybersecurity breaches can have a huge impact on an organization — but other risks may have a greater impact. Boards and management shouldn't assess cyber risks in a silo from other risks that may impact business objectives. In looking at how the organization assesses cyber risk, internal audit should consider the information security function's approach to assessing risks within the big picture of enterprise risks.
