5 Fundamentals in Cyber Risk Management

By Charles Cooper

When it comes to cybersecurity, organizations face a future in which it’s best to prepare for worst-case scenarios.

As the number of cyberbreaches tops previous records, rampant cybercrime is expected to inflict major losses on the global economy before the close of this decade. That means breach prevention can’t be the sole cornerstone of an effective cyberstrategy. As outlined in the latest AT&T Cybersecurity Insights report, the question is not if a company is going to be attacked. It’s now a question of when the attack will come.

That shouldn’t be an impediment to your business’s future. But it means finding ways to improve defenses and reduce vulnerabilities to the point where attacks are no more than an acceptable cost of doing business. That’s where cyber risk management enters the picture. What follows are five risk management fundamentals for your business.

Risk Identification

Figure out what needs to get measured and connect the data points. Find attack patterns or any other traffic trends that might suggest imminent risks. Identify the greatest threats facing the organization and integrate any of those insights into your incident response strategy. And make sure that effective authentication systems are in place to vet whether the people accessing your organization are who they claim to be and not intruders. The National Institute of Standards and Technology has pulled together a longer list with specific suggestions about how to prioritize.

Get Top Management on Board

Boards need to understand the potential constellation of risks that may threaten their company’s reputation, finances and operational performance. Cyber risk management should be a central plank of any organization’s governance processes.
The senior levels of the company need to know whether their data assets are being protected adequately and when to adjust future budgets to bolster security planning. Only the board’s buy-in will ensure that the organization’s security objectives are fully aligned with the larger goals of the business.

CSO-Board Communication

Set up an effective communications pipeline between the organization’s top security executives and senior management. That means it’s up to the top security executive in the organization to inform the C-suite about looming potential risks as well as the state of current defenses. Unless they receive up-to-date risk indicators, the C-suite will have no way to judge whether the security situation is improving or getting worse.

Update Incident Response

No matter how well defended an organization may be, anticipate coming under cyberattack at some point in the future. Draw up worst-case scenarios along with an updated incident response plan. This is the road map to identify and prioritize the people, processes and technology issues to mobilize in an emergency. Don’t let the response plan gather dust. It should undergo frequent testing to remain relevant and ensure that everyone involved in the drill understands their roles when the alarm sounds for real.

Preach the Gospel

No matter how many times they need reminding, employees can always do a better job when it comes to adhering to best practices. It’s up to management to keep promoting a cyberaware culture. At a minimum, make sure that employees are aware of the cyber risks that threaten the organization as well as the likely business implications of a breach. Sometimes, this may not be as self-evident as it might seem at first blush. Success in this case may be measured in inches, rather than yards. But every little advance counts.

Read the AT&T Cybersecurity Insights report Mind the Gap: Cybersecurity’s Big Disconnect.
Learn more about how your organization can minimize gaps in its cybersecurity strategy.

Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.