In a ransomware scenario, do you have a clear understanding of what information your executive team would need in order to make a decision on whether to pay the ransom or not?

Threat Intelligence & Incident ResponseRisk Management

Yes50%

No - somewhat unclear on necessary info41%

No - very unclear on necessary info9%

Other

70 PARTICIPANTS
232 views

Content you might like

Are there any specific risks that “shadow AI” introduces that traditional shadow IT does not? How are you handling any risk or compliance issues that didn’t exist with shadow IT?

I’m in the process of developing and formalizing the Risk Appetite Statement (RAS) for my organization, a public transport operator. Before we bring the draft to the Board, I’d appreciate your views on the best approach for engaging the Senior Leadership Team (SLT): Is 1:1 engagement more effective to gather candid input? Or would a group workshop be better to align perspectives and drive collective ownership? If anyone has experience developing a RAS specifically for a public transport or infrastructure-focused entity, I’d love to hear your lessons learned or key considerations. Appreciate any tips or tools!

Read More Comments

Are you currently working to diversify your organization’s threat intelligence (TI) sources?

Yes, recently added additional TI sources67%

Yes, currently working to add TI sources33%

No, our TI sources are sufficiently diverse

No, TI sources lack diversity but this isn’t a priority for us

Other/unsure

View Results

Is your cybersecurity risk management integrated into enterprise risk management?

Yes76%

No22%

Don’t know1%

View Results

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.