Verizon study compares risk factors in six different vertical industries based on actual forensic breach investigations in those industries. Verizon study indicates that the likelihood of specific types of attacks varies radically from industry to industry. In a separate report, RSA’s Security for Business Innovation Council recommends a new process for calculating enterprise risk that more accurately weighs business rewards against potential security threats. The study calls for a new method of calculating risk that focuses less on IT security-specific issues and more on business issues, the council says.”]
Source: https://www.darkreading.com/analytics/why-risk-management-doesn-t-work