Prioritize Riskiest Assets
Every organization has a ton of important data, but not all of it is prioritized as being "material data" — a.k.a. the "crown jewels" of your organization. Depending on your line of business, this could be a number of different things — customer data, intellectual property or trade secrets.
Examining your cyber risk — or the cyber incidents that could have a significant economic impact on your organization — is the key first step to proactive cyber risk management. So if you agree that your material data is the most important thing to protect in your organization, you need to decide how you're going to fend off anyone who tries to compromise it. If you start from this point and work backward, you can put together a solid cyber risk management program.