

Top Misconceptions of Cyber Assessments

14 December 2016

Academia, Financial Services, Healthcare, IT Security, Risk Management

One of the biggest challenges of strengthening your organization’s network security is understanding where to begin. Security vendors are constantly pushing new hardware and software on organizations to solve their problems, but there is no “one solution” to cyber security. A cyber security risk assessment helps organizations identify their unique areas of weakness so they can build a roadmap to a more secure network. But what is a cyber security risk assessment? We’ve heard differing definitions and concerns about the resources, components, and timeline necessary to perform a comprehensive assessment. Below are some of the most common misconceptions and an explanation of why they are incorrect.

  1. Cyber Security Risk Assessments Are Expensive

Many organizations are concerned about the expense associated with performing a cyber security assessment. It can sometimes seem counterproductive to spend resources assessing a network’s vulnerability when you could be spending those resources securing it. However, performing an assessment will help you more effectively allocate resources to secure your network. It is important to gain an understanding of where you need to improve before developing any strategy.

  2. Risk Assessments Only Focus on Technology

It’s common for organizations to think only about technology when they plan their cyber security strategy. However, most of today’s breaches are caused by employee error, either intentional or unintentional. It is important to examine your organization from a holistic risk management perspective, not just a technical one. By incorporating policy and employee security awareness analysis into your assessment, you are able to gain a more comprehensive snapshot of your security posture.

  3. Risk Assessments Require Large Time Commitments

Senior executives all have their own unique set of full-time job responsibilities, so they often think allotting time to a cyber security risk assessment can be difficult. Apart from the kickoff meeting and the findings meeting, assessments require a minimal amount of time from the executives. At COMPASS, we routinely perform full assessments across an organization’s technology, policies, and employees in approximately 30 calendar days.

Securing your organization from internal and external threats can be an overwhelming feat. Assessing your organization’s current security posture provides critical information necessary to ensure that you are properly allocating resources. A cyber security risk assessment will identify your organization’s strengths and weaknesses so that you and your team can build a roadmap to a safe and secure network.

For more information on what you should look for in a cyber security assessment, see our Assessment Checklist HERE or feel free to CONTACT US.
