Skip to main content Skip to footer site map

Enterprise Risk Management: How Do Firms Integrate Cyber Risk? : RAND Corporation , 2023


RAND Corporation

Download PDF

From the abstract: "The purpose of this study is to examine how companies integrate cyber risk into their enterprise risk management practices. Data breaches have become commonplace, with thousands occurring each year, and some costing hundreds of millions of dollars. Consequently, cyber risk has become one of the gravest risks facing organizations, and has attracted boardroom-level attention. On the other hand, companies already manage many kinds of difficult and growing risks, and that firms lose less than 1% of annual revenues as a result of cyber incidents. Therefore, how should firms appropriately address cyber risk? Is it indeed a materially different kind of risk area, or is it simply just one more risk that can seamlessly be integrated into existing enterprise risk management (ERM) practices?"

Authors - Romanosky, Sasha, Sayers, Elizabeth L. Petrun



Romanosky, Sasha, Sayers, Elizabeth L. Petrun


RAND Corporation


PDF - Download

Related Resources