Overview
Cyber risk is one of the defining governance challenges facing today’s executives—yet most organizations still manage it as a technical problem owned by IT, isolated from the enterprise risk conversation. This program teaches senior leaders to govern cyber risk in the language they already use to run the business: exposure, likelihood and impact, controls, accountability, and return on mitigation.
The course is anchored in the Nexus of Risk framework developed by M. K. Palmore, which holds that cyber risk is causally connected to physical and human capital risk, and that the most damaging exposures emerge at the intersections that siloed assessments miss. Participants learn to quantify cyber exposure in business terms, trace how a cyber event cascades across operational, financial, regulatory, and reputational domains, and ask sharper questions of their security teams. The result is an executive who can govern cyber risk as an enterprise risk—confidently, and without a technical background.