Security managers are constantly being asked about the biggest cyber risks at present. But how big is the actual risk within the company? CISOs should be able to answer this question.