Sure, every compliance and audit executive wants to manage cyber-security risks. That assumes, however, that everybody in your organization agrees on what a cyber-security risk is and how much it threatens you in the first place.
That lack of a basic cyber-risk vocabulary can be one of the biggest impediments to identifying cyber-threats—particularly for multinational companies, with their many different systems and processes. Everyone might agree on the types of data worth protecting, but they may not grasp every point of failure, and every type of failure, that might strike across the enterprise. The cyber-risk assessment, then, would fail.
