ABSTRACT

The process of assessing and reporting an incident is important: if too many incidents deemed dangerous turn out to be trivial, or if senior management are informed about every little incident, then the wider management team may start to discount the warnings they are receiving and fail to act when a really dangerous incident occurs. Cyber security involves protecting organisations from cyber risks, the threats to organisations caused by digital technology. These risks can cause direct damage to revenues and profits as well as indirect damage through reduced efficiency, lower employee morale, and reputational damage. Cyber security is often thought to be the domain of specialist information technology (IT) professionals; however, cyber risks are found across and within organisations. For this reason, cyber threats are worse than they really need to be. The reality is that the threat from cyber risks is constantly growing, so non-technical managers need to understand and manage it.