It’s imperative that organisations conduct risk assessments when preparing, maintaining and updating their cyber security policies and programs. Thorough risk assessments help you identify and address any threats that your organisation may face, allowing you to mitigate them before it’s too late. Organisations that are not ready or not looking to implement ISO 27001 should also read this paper to understand what data protection and cyber security risks they might be taking.