There is a weakness in cyber risk to focus on the technical issues. They are necessary but not sufficient if you want to understand and manage all your cyber exposures, which I define as the vulnerabilities that arise as a result of activity using computers and the Internet. There is a great range of these vulnerabilities that are not being addressed.
An example would be the exposures that arise through the use of Social Media if not managed and controlled. For example posts that reveal sensitive, or uncomplimentary information regarding your organization or its executives.
There are also exposures that arise in the areas of Compliance, the Internet of Things (IoT), Cloud Computing, and Privacy. That is not to say the technical exposures should be ignored, far from it, rather you need to have an overview of all your cyber exposures, or at least as many as can be found at the moment.
We have prepared a course for the Global Risk Community that would help you address this issue.
Please check out the course Understanding Cyber Exposure - or copy and paste the following link into your browser http://globalriskacademy.com/courses/cyber-exposure/
I appreciate any and all comments regarding this view of the cyber risk environment.