Becoming CyberSmart™: a Risk Maturity Road Map for Measuring Capability Gap-Improvement

Domenic Antonucci, Editor and Chief Risk Officer (CRO), Australia
Didier Verstichel, Chief Information Security Officer (CISO) and Chief Risk Officer (CRO), Belgium

Tom prepared his last slides for presentation to the Board with a quiet sense of satisfaction. His chief risk officer, Nathan, had summarized the assessments of the current state of enterprise-wide capabilities to deliver an effective cyber risk management subsystem to the existing enterprise-wide risk management (ERM) system. These assessments were sourced from all functional heads. As CEO, he knew the board expected to see future gap improvements in these capabilities. As he saw his chairperson, Mara, enter his office, he quietly smiled. He held a new confidence that his organization had a way to measure and track capability gaps.


Improving risk management maturity improves trust and reliability in the organization’s ability to achieve its objectives, to report its risk profile(s), and to add value to the organization. More mature enterprise risk management (ERM) systems deliver researched bottom-line, top-line and other “hard” benefits for an organization, such as the tripling of the bottom-line.1 There is no reason the same should not apply to the ERM subset, a cyber risk management system.

Enterprise risk management system capabilities mature over years at staggered rates unique to your organization. The ...
