Chasing the chimera of zero cyber risk?

Comforting but unrealistic claims such as “we have no appetite for cyber risk” or “we aim to avoid all data breaches” may sound responsible, but they reflect a poor understanding of today’s dynamic cyber threats. Boards should ask more grounded questions to shift the conversation from abstract ideals to an honest assessment of risk management capacity.