RSA announced Wednesday a new framework designed to allow companies to better calculate and prioritize their cyber risks.
Companies need to redefine "cyber risks," according to the report. Rather than simply hacking and system break-ins, "cyber risk" now extends to events that result in loss of data or harm to a company's technology.
RSA, the security division of EMC, maintains that companies need to identify potential cyber risks, quantify their impacts, prioritize them and constantly re-evaluate them to ensure the health of an organization's network and systems.
As organizations become more tech-based, they open themselves up to increased cyber risk. Therefore, enterprises need a "systematic process for defining and comprehensively categorizing sources of cyber risk, a new accounting of key stakeholders and risk owners, and a new way to calculate cyber risk appetite," according to RSA.
"Cyber risk is a critical issue in today's organizations, touching aspects of business risk, regulation and technology," said David Walter, RSA's general manager for Global GRC. "To effectively deal with these risks, executive decision-makers need to understand their organizations' cyber risk appetites – balancing the nature and magnitude of those risks against the benefits a strategic shift would deliver. Then they can make more informed decisions."
The report also suggests companies need to include a bigger group of stakeholders to shape policy, including both technical and business people.