Many organizations are still struggling to adopt a more risk-focused approach to cybersecurity, although the need for it has been recognized for years. Some familiar issues have been holding them back, including infrastructure complexity, third-party risks, understaffing, resource shortages, and — most significantly — not measuring cyber-risks and their impact on business.

Read full news article on Dark Reading