To consider themselves ‘cyber security ready’ need to meet a number of conditions including being able to detect attacks such as fraud, malware attacks, phishing, and theft of intellectual property from both within and outside the network. It is also vital for organisations to have an effective response protocol in place, so that if and when they come under attack, they know exactly what to do in order to reduce the effects of an attack.

Risk management is defined by Margaret Rouse from TechTarget as:

“The process of identifying, assessing and controlling threats to an organization’s capital and earnings. These threats, or risks, could stem from a wide variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents and natural disasters.”

Risk management is a part of every organisation’s global or HR policy, however there is often a lack of focus on information security policies. Now more so than ever, digitized companies are at risk of cyber attack. As a result of this, risk management plans:

“Increasingly includes companies’ process for identifying and controlling threats to its digital assets, including proprietary corporate data, a customer’s personally identifiable information and intellectual property” says Rouse.

In terms of information security policies, risk management follows much the same process as for other aspects of the organization: