Tom prepared his last slides for presentation to the Board with a quiet sense of satisfaction. His chief risk officer Nathan, had summarized the assessments of the current state of enterprise-wide capabilities to deliver an effective cyber risk management subsystem to the existing enterprise-wide risk management (ERM) system. These assessments were sourced from all functional heads. As CEO, he knew the board expected to see future gap improvements in these capabilities. As he saw his chairperson, Mara, enter his office, he quietly smiled. He held a new confidence that his organization had a way to measure and track capability gaps.

Background

Improving risk management maturity improves trust and reliability in the organization’s ability to achieve its objectives, to report its risk profile(s), and to add value to the organization. More mature enterprise risk management (ERM) systems deliver researched bottom-line, top-line and other “hard” benefits for an organization such as the tripling of the bottom-line.¹ There is no reason the same does not apply for the ERM subset, a cyber risk management system.

Enterprise risk management system capabilities mature over years at staggered rates unique to your organization. The ...