What people know and in what contexts they make decisions about risks, affect their decisions. Large organisations encompass a range of risk cultures or regimes that affect how risks are managed, making it difficult to create a common understanding of cyber and information security risks and priorities.
Takeaways: