Cybersecurity Risk Management (CSRM) can and should be integrated into your existing Enterprise Risk Management (ERM) framework. NIST recently published NISTIR 8286 as a guide to help enterprises of any maturity level feed cybersecurity risk data into the decision-making process.
“Cybersecurity risk measurement has been extensively researched for decades. As measurement techniques have evolved, the complexity of digital assets has also greatly increased, making the measurement problem more difficult to solve. Some low-level measures have been standardized, like the estimated likelihood and impact of a particular vulnerability being exploited. However, for other aspects of cybersecurity risk, there are no standard measures. Without consistent measures, there is little basis for analyzing risk or expressing risk in comparable ways across digital assets and the systems composed of those assets.” — NISTIR 8286