Digitalization adds convenience to our lives in many ways. We communicate and do shopping online, turn the heating up at home while leaving the office, and connect the lights to remote control them...Show moreDigitalization adds convenience to our lives in many ways. We communicate and do shopping online, turn the heating up at home while leaving the office, and connect the lights to remote control them from the couch. The examples illustrate how technology has shaped our lives in the past decades. Our interaction with technology has changed dramatically. This development affects organizations as well. Organizations adopt new technologies to service their clients in order to gain competitive advantage. Processes and services are offered digital and in many cases, online. Independent of the processes and services offered, organizations require adequate security measures to protect their assets. As examples in the news illustrate, not doing so may result in serious business impact like loss of reputation, financial losses, operational or legal impact, or even worst case scenarios like bankruptcy. At the same time, there are numerous challenges that organizations face in securing their assets. These challenges include a rapid changing threat landscape, new technologies, vulnerabilities in software, and the strongly interconnected and inherent complex nature of the cyber domain. To what extent are organizations able to protect their assets against cybersecurity threats? How do organizations assess their cybersecurity risks? Do these approaches fit the current cybersecurity challenges? Identifying, analyzing and evaluating cybersecurity risks can become a daunting task. Fortunately, there are many risk frameworks, methods and techniques available that organizations can adopt. Maybe even that many that selecting a fit for purpose approach becomes daunting by itself. This qualitative research explores the current state of cybersecurity risk assessment practices in organizations by researching to what extent the available cybersecurity risk assessment methods and techniques actually have been adopted by organizations. Second, the research investigates whether the chosen approach caters for the challenges in the cyber domain, and what benefits and limitations are perceived.Show less