Why Cyber Risk?

As I progressed through my studies at Georgia State, I always had a strong interest in business. There are many facets to managing a business, and successful organizations frequently have to balance operations, strategy, and resources. With my major in Computer Information Systems, my studies sit at the intersection of both business and technology. As we know, technology is constantly evolving. The adoption of these technologies may support business operations and ultimately, its continuity. However, this is dependent on the type of technology selected and how it is used within the business. It eventually led me to a bigger question: how does an organization decide what technologies are worth adopting, and how do they evaluate the risks that come with those decisions?

Risk helps businesses understand and decide what is significant to them. Every organization is different. Each organization has varying business goals, varying levels of compliance, and varying levels of resources. Risk is what guides organizations to recognize where to invest, how much to invest, and why.

Cyber risk is not about securing every single asset in a company’s IT environment in order to prevent a vulnerability from being exploited. It’s about understanding what risks are present in their environment, how organizations identify and prioritize these risks, and how they can make informed decisions that align with their business goals.

To me, it’s like solving a puzzle with many moving parts. You are looking at the distinct pieces of an organization, like its systems, processes, controls, and people. There are a variety of ways you can solve the puzzle, but every organization requires a different strategy based on how it operates, what it values, and what risks they face. Additionally, these pieces are not static. They change in shape over time, and organizations must continually reassess and strategize to fit those pieces together. That is what draws me to cyber risk.