There is a significant need in the market to transform cyber assessments, information technology metrics, and information security into the common language of risk management. Additionally, there is a lack of consensus on how to categorize cyber within a risk taxonomy. The insurance sector often views cyber as financial risk while banks may view it as a type of operational risk. Other industries may see it altogether as a strategic or standalone risk.

A version of this article also appeared on CFO.com.