
July 1, 2026
Hacker Hub - July 2026
Supply chain attacks are one of the fastest growing cyber threats. SMEs are frequently the entry point attackers use to reach larger targets. Here is what you need to know and what to do about it.
A risk assessment is the process of identifying, scoring and treating risks; a risk register is where you record the results of that assessment. The assessment method should be a repeatable process that lets you score risks consistently, so that your defined acceptance criteria can be used to decide how each risk is treated. The register should log the key information gathered during the process to support those decisions.
To make your risk assessment effective, your process is key: the approach should be well defined to ensure consistent results, which makes prioritising identified risks easier and ensures that the response is appropriate.
As part of your analysis, you will use a quantitative or qualitative scoring system where possible. Quantitative scoring should be used where you can, but unfortunately it is difficult to apply because of the exactness it demands; quantitative scoring uses numbers to define the actual value of a risk. A simple example is an e-commerce platform, whose operational value can be measured by how much revenue it generates. Qualitative scoring, on the other hand, is more of a finger-in-the-air measurement, which makes it all the more important to make at least one person the chief finger-in-the-air holder so that scores stay consistent.
These are the key steps in a risk assessment.
Identification of Risks: Risks can come from internal and external elements and are often identified through risk workshops, events, and incidents, as well as by looking at the ever-changing landscape.
Risk Analysis: Once identified, risks need to be assessed for their likelihood and their potential impact on the business; this will most likely use qualitative scoring, depending on the data available.
Risk Evaluation: Once analysed, you can start to prioritise risks based on their risk level, allowing you to focus on the highly impactful and highly likely ones first.
Risk Treatment: Once risks have been evaluated and their level determined, appropriate treatment measures are identified and implemented to mitigate or manage them effectively. This may include risk avoidance, risk transfer, risk reduction or risk acceptance, depending on the organisation's risk appetite and available resources.
Monitoring and Review: Finally, the risk assessment process is an ongoing activity that requires regular monitoring and review. Risks should be reassessed periodically to ensure that mitigation measures remain effective and to identify any new or emerging risks that may require attention.
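As an added illustration (not part of the original article or its downloadable register), here is a minimal Python risk register that applies the steps above: fixed qualitative scale words so scoring is repeatable, a risk level of likelihood x impact, an assumed acceptance threshold that the register enforces whenever a risk is marked as accepted, prioritisation by level, and a review date for the monitoring step. The scale words, the threshold and the sample entries are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date

# Qualitative scales, constructed for this example: 1 = lowest, 5 = highest.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}
TREATMENTS = ("avoid", "transfer", "reduce", "accept")
# Assumed acceptance criterion: level = likelihood x impact; at most 4 may be accepted.
ACCEPT_THRESHOLD = 4


@dataclass
class Risk:
    ref: str
    description: str
    likelihood: str  # one of LIKELIHOOD's keys
    impact: str      # one of IMPACT's keys
    treatment: str   # one of TREATMENTS
    review_due: date

    def level(self) -> int:
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]


class RiskRegister:
    def __init__(self) -> None:
        self.risks: list[Risk] = []

    def add(self, risk: Risk) -> None:
        # Only the defined scale words are allowed, so every score is comparable.
        if risk.likelihood not in LIKELIHOOD or risk.impact not in IMPACT:
            raise ValueError(f"{risk.ref}: likelihood/impact must use the defined scales")
        if risk.treatment not in TREATMENTS:
            raise ValueError(f"{risk.ref}: unknown treatment {risk.treatment!r}")
        # Acceptance must be permitted by the criteria; it is a decision, not a default.
        if risk.treatment == "accept" and risk.level() > ACCEPT_THRESHOLD:
            raise ValueError(f"{risk.ref}: level {risk.level()} exceeds the acceptance threshold")
        self.risks.append(risk)

    def prioritised(self) -> list[Risk]:
        # Highest level first; ties broken by impact so the worst outcomes come first.
        return sorted(self.risks, key=lambda r: (r.level(), IMPACT[r.impact]), reverse=True)

    def due_for_review(self, today: date) -> list[Risk]:
        return [r for r in self.risks if r.review_due <= today]


def sample_register() -> RiskRegister:
    # Constructed sample entries, not taken from any real register.
    reg = RiskRegister()
    reg.add(Risk("R1", "Unpatched remote-access gateway", "likely", "major", "reduce", date(2026, 9, 1)))
    reg.add(Risk("R2", "Supplier breach exposes our data", "possible", "moderate", "transfer", date(2026, 8, 1)))
    reg.add(Risk("R3", "Printer outage", "unlikely", "minor", "accept", date(2026, 12, 1)))
    return reg
```

Calling `sample_register().prioritised()` returns R1 (level 16) before R2 (9) and R3 (4); trying to record a level-6 risk as accepted raises a ValueError because it breaks the acceptance criterion.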
These are the 5 key things I would do to ensure that you get the best value out of your risk assessment process.
Download a simple pre-populated Risk Register HERE.
