Having Clarity On Cyber Risk Is Power
"We don't know what we don't know."
If you've ever said this when it comes to cybersecurity, you're not alone. That uncertainty is one of the biggest threats mid-market and smaller companies face today. Too many organizations operate without a clear cyber risk management strategy. It's not because they don't care but because they're unsure where to begin.
Fortunately, organizations can discover and address most cyber risks with two complementary activities:
• Cyber Risk Assessment: A structured, organization-wide review of the company's policies, procedures and technical controls.
• Penetration Testing: A real-world exercise where ethical hackers simulate attacks to uncover technical vulnerabilities. The Blind Spot Crisis: The Greatest Security Threat
The vast majority of breaches stem from vulnerabilities companies didn't know existed. Risk assessments provide a holistic overview of cyber risk across the organization. Penetration testing identifies technical gaps a cybercriminal can use while conducting an attack. Together, they provide unmatched clarity and a direct path to fortify defenses.
However, many companies focus on shiny tools while overlooking the fundamentals like incident response planning or operational continuity after a breach. That's like buying a high-end alarm system while leaving the front door wide open.
Organizations serious about resilience need a proactive, comprehensive strategy that protects not just their data but their ability to operate. Conducting Cyber Risk Assessments: The Proactive Method
A well-run cyber risk assessment sets the stage for everything else. Measuring Against A Cybersecurity Framework
Cybersecurity isn't a "make it up as you go" type of matter. Organizations can't just throw tools at the problem and hope it works out. It's critical to follow an industry-recognized cybersecurity framework. This is a structured set of controls that guides security posture in alignment with proven best practices.
Industry-backed frameworks provide a reliable benchmark. A few of the most respected options include:
• NIST CSF 2.0: Widely adopted across industries, especially in the U.S.
• CIS Controls: Prioritized into "implementation groups" for different organizational sizes.
• ISO 27001: A global standard, particularly for international or compliance-heavy businesses.
These frameworks are starting points rather than rigid rules. Every company is different, and each must tailor its assessment to its business, industry and risk tolerance. A good cybersecurity partner can help prioritize the controls that matter most and cut through the noise. The Three Pillars Of Security
Strong security isn't just about tech. It's about building strength across three areas that cybersecurity frameworks cover:
• People: The first line of defense—and often the weakest link.
• Processes: Defined, repeatable methods for doing things securely.
• Technologies: Important, but only as good as the strategy and configurations.
Companies love buying new security tools, but I find that most don't need more tech to strengthen security. They need better implementation of what they already own. They don't solve complexity by adding more complexity. They solve it with clarity, discipline and alignment across their people, processes and technologies. Security Road Map: Getting Everyone On The Same Page
Once organizations have completed a cyber risk assessment, they'll see where the gaps are and what needs to happen next. That's the road map.
This isn't about pie-in-the-sky "initiatives." It's about practical, prioritized actions:
• What reduces the most risk the fastest?
• What aligns with business priorities?
• What can be done within the team's capacity and budget?
Balance quick wins with longer-term projects. Show progress, build momentum and always tie every security initiative back to business goals. Security for the sake of security doesn't resonate. Security that supports growth, continuity and reputation does. Penetration Testing: See What The Enemy Sees
Risk assessments show where security controls fall short across the organization. Penetration tests provide a technical vantage point, showing organizations where an attacker could get through.
Ethical hackers use the same tools and tactics as malicious actors to uncover weaknesses that organizations might not even know exist. A pen test isn't just a scan—it's a hands-on simulation of a breach attempt. A comprehensive test includes real cybersecurity experts (humans, not just automation) using the latest tools, technologies and methodologies to identify exploitable attack surfaces. Pen Test Scope
Pen tests should focus on what matters most to the business. Depending on the environment, that could include the external network, internal network, cloud platforms, web applications, wireless networks, operational technology (OT) and even the people inside the organization through social engineering. The Three "Boxes" Of Pen Testing
Pen tests come in a few flavors, each with a different perspective:
• White-Box: Full access and information. Thorough, but not as realistic.
• Black-Box: Simulates an outsider's view. Realistic but limited.
• Gray-Box: The sweet spot. Enough access to be efficient, enough realism to simulate an attacker's perspective.
Think of pen testing as an organization's chance to "fight the enemy before the enemy fights them." Just like risk assessments, it's not one-and-done. It should be a regular part of the cybersecurity strategy. Gaining Clarity: Knowing And Understanding Risks
This is the goal. A proper cyber risk assessment, guided by an industry framework, tells organizations where their defenses are strong and where they're lacking. A penetration test shows how an attacker would exploit those weaknesses. Together, they provide full-spectrum clarity—technical and strategic.
That clarity is power. It allows companies to direct resources where they're needed most. It gives leadership teams real answers, not guesswork. It transforms cybersecurity from a cost center into a strategic enabler. The Bottom Line
Organizational leaders don't need to be cybersecurity experts, but they do need to know where their risks are and what to do about them. Companies that thrive in this new threat landscape aren't the ones that buy the most tools or shout the loudest about compliance. They're the ones who understand their vulnerabilities, prioritize wisely and take consistent, confident action.
Start with visibility, build the road map, test defenses and move forward with clarity. "We don't know what we don't know" cannot be left unsolved in today's environment.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
19 minutes ago
- Yahoo
Coface SA: Coface agrees to acquire Novertur International SA (business-monitor.ch), enhancing its Business Information offer in Switzerland
Coface agrees to acquire Novertur International SA ( enhancing its Business Information offer in Switzerland Paris, 17 July 2025 – 18.30 Coface announces the signing of an agreement to acquire 100% of Novertur International SA. Novertur International SA, a Swiss startup based in Lausanne, has developed strong digital expertise in managing data on Swiss companies, which it distributes through its platform Launched in 2016, the platform has become a key tool for SMEs and large companies in Switzerland for risk management and B2B prospecting. It offers simple, fast and reliable access to up-to-date information on more than 730,000 active Swiss businesses. The technological innovations developed by Novertur International SA - particularly in data structuring and user experience - combined with Coface's expertise in credit risk, will significantly strengthen Coface's Business Information offering in Switzerland. This acquisition strengthens the Group's data, technical capabilities and expertise, in full alignment with its strategic plan Power the Core, which aims to enhance its high value-added services while strengthening its local presence. Florent Schlaeppi, CEO and Founder of commented: 'From day one, we designed to be intuitive, fast, and useful for anyone analyzing companies. Joining Coface is a tremendous opportunity to take our mission to the next level by putting our technology at the service of a global player in business risk.' Christian Moins, Country Manager Coface Switzerland, commented: 'We are particularly excited to welcome the Business Monitor team to Coface. The acquisition of Business Monitor demonstrates Coface's ambition to establish itself as a key player in Business Information. This transaction significantly strengthens our position in the Swiss market, making Coface an even more attractive partner for its clients. ' The completion of the acquisition remains subject to the usual closing conditions. CONTACTS ANALYSTS / INVESTORSThomas JACQUET: +33 1 49 02 12 58 – Rina ANDRIAMIADANTSOA: +33 1 49 02 15 85 – MEDIA RELATIONSSaphia GAOUAOUI: +33 1 49 02 14 91 – BILLET: +33 1 49 02 23 63 – FINANCIAL CALENDAR 2025(subject to change)H1-2025 results: 31 July 2025 (after market close) 9M-2025 results: 3 November 2025 (after market close) FINANCIAL INFORMATIONThis press release, as well as COFACE SA's integral regulatory information, can be found on the Group's website: For regulated information on Alternative Performance Measures (APM), please refer to our Interim Financial Report for H1-2024 and our 2024 Universal Registration Document (see part 3.7 'Key financial performance indicators'). Regulated documents posted by COFACE SA have been secured and authenticated with the blockchain technology by can check the authenticity on the website COFACE: FOR TRADEAs a global leading player in trade credit risk management for more than 75 years, Coface helps companies grow and navigate in an uncertain and volatile environment. Whatever their size, location or sector, Coface provides 100,000 clients across some 200 markets with a full range of solutions: Trade Credit Insurance, Business Information, Debt Collection, Single Risk insurance, Surety Bonds, day, Coface leverages its unique expertise and cutting-edge technology to make trade happen, in both domestic and export markets. In 2024, Coface employed ~5,236 people and registered a turnover of €1.84 billion. COFACE SA is quoted in Compartment A of Euronext ParisCode ISIN: FR0010667147 / Ticker: COFA DISCLAIMER - Certain declarations featured in this press release may contain forecasts that notably relate to future events, trends, projects or targets. By nature, these forecasts include identified or unidentified risks and uncertainties, and may be affected by many factors likely to give rise to a significant discrepancy between the real results and those stated in these declarations. Please refer to chapter 5 'Main risk factors and their management within the Group' of the Coface Group's 2024 Universal Registration Document filed with AMF on 3 April 2025 under the number D.25-0227 in order to obtain a description of certain major factors, risks and uncertainties likely to influence the Coface Group's businesses. The Coface Group disclaims any intention or obligation to publish an update of these forecasts, or provide new information on future events or any other circumstance. Attachment 2025 07 17 PR Novertur acquisition agreementError in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
19 minutes ago
- Yahoo
Seven Democrats vying to run for Mike Lawler's House seat. Here are the contenders
One by one they threw their hats in the ring: a crowd of Democrats eager for a shot at the House seat held by Republican Mike Lawler in one of the country's most competitive districts. The field of Democratic contenders for New York's 17th Congressional District had grown to seven by early June, with no additions since then. Each is courting party support and raising money long before the 2026 primary for a Hudson Valley seat that Lawler has won twice and Democrats hope to flip in next year's mid-term elections. One early marker came Tuesday, July 15, when candidates reported how much they collected from April through June — an initial gauge of their support and viability for a costly battle. Two led the pack with big hauls: Cait Conley, a former national security official and Army combat veteran, raised $480,000 Rockland County Legislator Beth Davidson raised $352,000 Yet the newest candidate — Peter Chatzky, a tech company founder and deputy mayor of Briarcliff Manor — vaulted himself into their ranks by lending his campaign $500,000 and raising $180,000 in less than three weeks, according to his campaign. Lawler's campaign, meanwhile, took in nearly $1.4 million over those same three months, a quarter of which — $360,000 — came from three Republican committees that support GOP House candidates with tough races ahead. Lawler had $2.2 million in his coffers by June 30. Will Mike Lawler run for a third term in his NY House district? A big uncertainty still hanging over the race is whether Lawler will run for a third term. He has been weighing a campaign for governor instead, which would take him out of the House race and lift Democrats' chances of claiming his seat. Lawler had planned to announce his decision in June but hasn't said yet which office he will seek. Westchester County Democrats held a series of forums to introduce the large cast of candidates to party members. Suzanne Berger, Westchester's Democratic chairwoman, said the party is planning a forum with a slightly winnowed lineup of four or five top contenders in September. Democratic voters in the 17th District — all of Rockland and Putnam counties, half of Westchester and a sliver of Dutchess — ultimately will choose their party's nominee in a primary next June, still 11 months away. Here are the seven Democrats now vying for that role. Jessica Reinmann Reinmann, a 49-year-old Chappaqua resident, jumped in first, filing federal paperwork to be a candidate in January as the new House term was just getting under way. She is the founder of 914Cares — a nonprofit that fights poverty in Westchester — and has pitched herself as a problem solver with a "mission-driven" campaign. Her finance report shows she raised $109,000 and contributed $115,000 of her own to her campaign in the second quarter of the year. She had $443,000 on hand as of June 30. Beth Davidson Davidson, a 52-year-old Nyack resident, has been a county legislator since 2024 and served two terms on the Nyack school board before then. She joined the race in February with an early endorsement by former Rep. Mondaire Jones, who represented the 17th District before its lines were redrawn in 2022 and who lost a comeback bid against Lawler last year. Davidson, who has long been active in politics, has since rounded up endorsements from a few dozen elected officials and Democratic leaders from Rockland County, along with a litany of activists from around the district. She reported raising $352,000 in the second quarter and finishing with $489,000 in her coffers. She had raised a total of $855,000 during her five months in the race — the highest overall sum of the candidates. Cait Conley Conley, a 39-year-old Ossining resident, worked in the Biden administration for four years, first as director of counterterrorism for the National Security Council and then as senior advisor for the Cybersecurity and Infrastructure Security Agency. She's a West Point graduate who served 16 years in the Army, with deployments to Iraq and Afghanistan. She has been endorsed by the progressive veterans' group VoteVets and a pair of forward-looking Democratic groups: New Politics and the Next 50. Conley reported raising $480,000 in the last three months and $816,000 overall since entering the race in March. She had $614,000 in her coffers by June 30. Mike Sacks Sacks, a 42-year-old Croton-on-Hudson resident, is a former journalist who has covered the Supreme Court and was a TV reporter for Fox 5 New York for four years. He now works as a "pro-democracy advocate and constitutional analyst." Sacks joined the race in April and has since raised $212,000, finishing the second quarter with $102,000 in his coffers. John Sullivan Sullivan, a 41-year-old Piermont resident, is a former FBI analyst who quit the agency after 17 years because of what he said was the chaos caused by the new Trump administration. He then moved to Rockland County from the Washington, D.C. area and launched his bid for Congress, after declaring he could better serve the FBI "from the outside." Sullivan reported raising $301,000 since joining the race in April, the third highest total. He had $164,000 on hand after expenses. Effie Phillips-Staley Phillips-Staley, a 54-year-old Tarrytown resident, is a longtime nonprofit leader and elected trustee in her Westchester County village. With five candidates already in place, she joined the field in May and set herself apart as a progressive stalwart, rejecting the idea that Democrats must move to the right to win. She has since raised $52,000 and kicked in $100,000 of her own money, finishing the second quarter with $99,000, according to her campaign. Her spokesman said Phillips-Staley was waging a grassroots bid with no "list of corporations, ultra-rich and Washington establishment figures to seed her operation." Peter Chatzky Chatzky, a 64-year-old Briarcliff Manor resident, is the founder and CEO of a financial technology company called Napa Group LLC. He has served for six years as a village trustee — now holding the title of deputy mayor — after an earlier two-year stint as mayor. NY17: Is ex-Rep. Sean Patrick Maloney the NY Dems' best chance against Lawler after 2022 loss? His $500,000 loan to his campaign and spurt of donations in June brought his balance to $674,000. That was the most any of the seven candidates had on hand as of June 30, just ahead of Conley's $614,000. Chris McKenna covers government and politics for The Journal News and USA Today Network. Reach him at cmckenna@ This article originally appeared on Rockland/Westchester Journal News: The 7 Democrats vying to run for Rep. Mike Lawler's seat: A guide Solve the daily Crossword
Yahoo
19 minutes ago
- Yahoo
CorpGov to Join Forward Global Celebration of NY Office Launch at Nasdaq
By CorpGov Editorial Staff will be onsite for international risk management firm Forward Global's celebration of its New York office, reinforcing its U.S. presence alongside locations in Washington, D.C. and Miami. Leading the New York office is Marc Yaklofsky, a veteran in corporate communications and government affairs. He will oversee efforts in strategic communications, financial investigations, and anti-counterfeiting initiatives. 'New York is the cornerstone for global finance, law, and commerce. Expanding here allows us to better serve our international client base,' Yaklofsky said in a statement. 'Forward Global has demonstrated its expertise in helping clients navigate critical reputational, regulatory, and geopolitical challenges around the world, and I'm thrilled to spearhead this next phase for the firm.' Those interested in participating can RSVP here. 'With our dedicated US teams specializing in investigations and due diligence, shareholder activism, strategic and geopolitical risk advisory, public affairs, and financial and strategic communications, Forward Global's growing presence in New York City marks our continued commitment to serving as a multi-disciplinary one-stop shop for our clients and partners,' said Co-CEO & Co-Founder Brendan Foo. Contact: Editor@ X: @IPOEdge Instagram: @IPOEdge The post CorpGov to Join Forward Global Celebration of NY Office Launch at Nasdaq appeared first on CorpGov. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
