top of page
  • Neil HB

Risk is not an 'absence of control'

I regularly visit so many organisations and attend so many meetings where the overwhelming view of risk is that it is inversely proportional to control.

All of the other factors that make up scientifically derived risk through objective assessment are either implied (and subjectively guessed) or absent from the analysis: I say "analysis" but really mean "observation".

Analogies? To me it's like saying a bus shelter is a house, a sponge is a brick or my Mum is the Queen.

Sure there are some resemblances and from a distance who could tell right? Err, wrong! You cannot live (for any meaningful length of time) in a bus shelter before you catch pneumonia or are moved on as a nuisance. You cannot raise a building with sponges and the House of Windsor cannot plan the royal agenda by referring to my Mum's wall calendar.

Similarly, businesses should not view risk as the pure inverse of control and should determine it both objectively and scientifically. The tools and methodologies are there to help so why not use them?

Subscribe to STORM
cyber security insights

Stay informed on the latest trends in digital security, cyber insurance, incident response and more with our industry leading insights, blog and webinars.

bottom of page