This article discusses the escalating severity of cyber attacks and the challenges companies face in managing cyber risk due to the expanding and complex attack surface. It argues for a fundamental change in how companies measure cybersecurity performance, proposing three strategies to improve cyber risk measures. By enhancing measurement and incentivization, the piece suggests that companies can not only manage technology risks more effectively but also turn them into opportunities for building a more resilient economy.
