Once upon a time, on average, a company would undertake a security risk assessment every 3-5 years. In between this, they may have carried out an additional assessment only if a significant update to infrastructure or equipment occurred.
In today’s risk landscape, it’s actually necessary for some organizations to assess risk weekly. From a disgruntled employee to a new presidential administration – it all has an impact!