The mere mention of the word, or better, the concept of risk conjures up concerns they may not want to know about, acknowledge, or want to sweep under the proverbial rug. In some companies, discussions about risk may be few and far between especially when the concept is just not a part of the organizational vernacular. The transition from an its all about security and protecting the crown jewels to we need to mitigate risk and embrace risk management is a crucial step next step for the information security profession.”]
Source: https://www.csoonline.com/article/3326535/embracing-risk-management.html