Developing cyber risk management strategies before the occurrence of an adverse event reduces the cost and duration of loss. To accomplish this task, you must first understand your risk profile throughout the life cycle (analysis, mitigation, and monitoring) of an adverse cyber event. In the long term, undertaking this process will also all you to determine the optimal balance between your acceptance of risk and the degree of risk mitigation investments you are willing to make.
Risk analysis is the identification and quantification of adverse cyber events. Identification refers to the target impact of an incident. Generally, the target of an incident can be characterized in one of three tiers: risks exlusive to your business, risks exclusive to your customers and risks shared by you and your customers.