s ago most rms would manage cybersecurity and make investment decisions based mainly on industry best practices, resulting in their adopting certain technologies, policies and practices, without a detailed understanding of their specic overall cyber risk situation. As a result, very few successfully developed and deployed a strategic, comprehensive and eective cyber risk mana…