Chances are that pretty much anyone working in any line of business will find the words ‘risk’ and ‘assessment’ about as boring as can be. Often seen as little more than a bureaucratic box to tick that’s more about jumping through hoops than doing anything productive, risk assessments are commonly overlooked and in some cases ignored altogether by business owners.

Unfortunately, as time moves forward the risk assessment as we once knew it has become somewhat dated in most business areas. Of course, there will always be a highly important place for traditional risk assessment processes, but when you’re looking at a 21st century business where networks, the cloud and IT systems play a key role, things aren’t quite as simple as they once were.

For example, a risk assessment carried out on a standard retail store may include focus on loss-prevention and how to avoid falling foul of criminals in general. By contrast, an online e-commerce business isn’t likely to face the same physical shoplifting threats as a conventional store, though could still be stolen from by cyber-criminals – hence why a wholly different level of risk assessment is needed.

According to the experts at, the overwhelming majority of modern businesses are still dangerously underestimating the importance of 21st century risk assessment. In terms of what’s involved in a new-generation risk assessment, it’s all about looking beyond the confines of the physical world and evaluating where digital/data-based threats exist in order to determine how to protect the assets of the business.

Standard elements include:

Identifying Your Information Assets and Existing Controls

This is the stage of the process that involves determining what kind of important data and processes the business relies upon and taking into account how it is accessed and where from. This will of course be 100% unique from one business to the next, with some having vastly greater information asset banks than others.

Identifying Potential Threats and Vulnerabilities

When the data of key importance and value has been identified, it’s then a case of analysing the current systems as a whole in order to determine exactly how, when and from what points of entry an attack may occur. From wireless network access to on-site security breaches at the hands of current employees and so much more, any and every possible way the systems could be accessed without authorisation are taken into account.

Calculating an Indication of Probable Loss and the Likelihood Of That Loss

When the above information has been gathered and studied, the risk assessment team may then attempt to work out exactly how likely it is that data loss or security breaches in general may occur. In some businesses there may be incredibly sensitive data and multiple potential points of unauthorised entry, but if they are covered well enough by robust security systems, the chances of anyone actually breaching barriers and finding their way into the system are minimal.

Selecting Security Measures Suitable For Your Business

All that’s been learned so far is then used to create something of a plan of action wherein any security measures and upgrades that could be of benefit to the business are outlined and proposed. This could be anything from simple software updates to hardware overhauls or even something as intensive as round-the-clock monitoring on the part of a remote security service.

Implementing the Security Measures to Reduce Risk

All proposals are discussed in full with the business owners who are then given as much time as necessary to reach a decision as to which to implement and when. The team behind the risk assessment will then personally arrange for the new measures to be put into place which may be done by their own team or perhaps outsourced to a trusted team of technicians. The whole process is handled from start to finish and any changes to the way the networks may operate are explained to the business owners and in some cases demonstrated to employees by way of training sessions.

Calculating and Recording the Effects Of These Measures On Risk To Justify Continuation Of The Measures In The Future

Last but not least, the final stage of the process is that of taking a close look at the new security systems and evaluating over any given period of time how well they are working or otherwise. It’s a case of carrying out on-going analysis in order to find out which elements are working, which could do with a few changes and which have proved either wholly ineffective or superfluous.