The origin of New Year’s resolutions may well lie in the educational guidance parents provide to their children with regard to goal setting, the discipline required to achieve those goals, and the joy—or disappointment—that accompanies success or failure. Factors such as aiming too high or investing insufficient effort are just a few of the dimensions that shape the choices made along the way. This gradual hardening to the realities of society is, in fact, a gift from parents.
Organisations do not necessarily make New Year’s resolutions, but budgeting cycles often begin on January 1st. Goals are set—for example, achieving compliance with a specific regulation—in order to remain competitive in the economic landscape. Achieving compliance requires careful planning, as well as, for example, thorough documentation of blocking elements and their influence on outcomes. Identified elements are assessed for their potential negative impact on projected results, and where possible, measures are taken to mitigate these threats.
Standardising the definition of threats, maturity and/or risk assessment methods, incident frequency, and financial impact enables a clearer understanding of the risks involved, which is thus easier to communicate to the BoG. This, in turn, supports a more formalised and defensible decision-making process. Some refer to this as cyber risk management, others as cybersecurity investment decision-making, and still others as cybersecurity risk mitigation.
Regardless of terminology, a formalised cyber risk governance process is not merely a compliance exercise—it is a strategic asset that strengthens resilience, optimises investment, and protects long-term business value.
#TrustMatters #NIS2 #DORA #TPRM #CyberRisk