I walked into a business the other day. After a long conversation about the client’s need for cybersecurity and the implementation of the ISO27001 security standard, we talked about their risk appetite.
“We don’t accept any risk. We’re risk-averse” said the CEO. But, is this achievable?
Given the complexity of our modern world, with diversity in the people, locations, services and technologies, can any organisation be totally risk-free, and therefore, can any business be totally free of the risk of a data breach?
The simple answer is no. It’s not possible.