1.1 - Risk management is broken. Let's rebuild it.
2026 Webinar Program: Rebuilding cyber risk management
Series 1: Cyber risk management, rebuilt: from ISO 27005 to the boardroom
To help you navigate your cyber risk management challenges, C-Risk has developed a three-part webinar series on rebuilding what's broken in cyber risk management. This approach reflects Gartner's guidance on CRQ: start with decisions, express exposure in ranges and set appetite thresholds. The result is a risk program that supports decisions across the business.
This series addresses the shift from compliance-focused to data-driven risk management, build the foundation for defensible analysis, and connect quantified cyber risk to enterprise governance.
1.1 - Risk management is broken. Let's rebuild it.
Cyber risk programs spend a lot of effort on compliance and controls testing, but these are only components of the risk management process.
This 30-minute Livestorm webinar diagnosed why many cyber risk programs can be audit-compliant yet still fail to provide value to corporate boards. The hosts positioned the core issue as a “data and governance chain gap” rather than a lack of tools, and outlined a target operating model for data-driven, board-relevant risk management.
Christophe Foret (C-Risk Co-founder) and Neil MacGowan (Customer Success Director, C-Risk) explored the following main topics:
- A board has different questions than an auditor: Most cyber risk programs can be “defensible” against an auditor, but they are “useless to a board” because board-level decisions require quantified, financial decision inputs.
- The gap is capability/data chain, not an absence of frameworks: Existing “risk-based” frameworks were described as written for auditors, not boards—so organizations often end up answering the wrong question with the wrong units.
- Siloed risk management creates outcomes that suppress strategy: Gartner research cited found 54% of organizations run siloed risk management; the hosts associated this with confusion, delayed timelines, and blockage of strategy, while noting that 70% of transformation projects fail when risk is handled poorly.
> Replay is available here.
1.2 - Risk intelligence as the foundation: the ten data factors
On June 2nd, Christophe Foret and Neil MacGowan will host webinar two of the series.
Cyber risk analysis is only as credible as the scenarios it's built on. Many programs analyze whatever the framework or tool prompts for, rather than the scenarios that would actually inform a decision.
Scoping should start with the decisions the business needs to make and the threats most likely to affect them. Cyberthreat intelligence and expert input narrow the field to the top threat-to-business scenarios that matter. A well-scoped scenario shows you what data is needed to reduce uncertainty and support an objective analysis.
What you’ll learn:
- How to move from a generic risk register to scenarios tied to specific business decisions
- How to incorporate cyberthreat intelligence and input from subject matter experts to prioritize scenarios
- What data each scenario requires, and how to perform an analysis
- How to recognize when a scenario is well scoped