Business Risk Intelligence (BRI) - Decision Report
Risk management underpins every strategic decision at large commercial and government enterprises. Boards of directors establish the risk appetite for a particular organization, and this can vary widely amongst organizations. Effective risk decision-making requires the ability to assess emerging threats, vulnerabilities, and potential impact accurately, all while accounting for existing mitigations.
Traditional cyber threat intelligence, which has been largely focused on indicators of compromise, is insufficient in supporting the risk decision-making process, as it too often limits its focus on events in cyberspace. Not all actors constrain their operations solely to the cyber realm; top tier nation-states like the U.S. and Russia use the full-spectrum of their capabilities to achieve their objectives. A threat assessment of Chinese or Russian cyber operations without the context of the national objectives they are supporting fails to provide risk decision-makers with an accurate portrayal of the threat landscape upon which to make business decisions.