ABSTRACT

Residual risk metrics provide a wealth of information that is used in the context of the inherent risk scores. In this chapter, we introduce the use of cyber risk thresholds in relation to the type of digital asset. We explore the types of data that impact residual risk, including security assessment findings, vulnerabilities, and security incidents. We take a deep dive into how these metrics are used in calculations and into their use cases, including cyber budget, resource reallocation, and security tool ROIs. A deep dive into the types of cybersecurity professionals provides added information for the cyber budgeting analysis.