If risk management is defined as the process of identifying, assessing and reducing risk to an acceptable level, the question remains: What is acceptable? In terms of risks to employees, acceptable is that in the event of an emergency, no one gets hurt. When it comes to company data systems, the mantra is backup, backup, backup. Most will have secondary systems set up off site. Keeping going, no matter what, is the name of the game.

But is risk management as simple as that? Is it only about threats to life and limb, property and commercial capability? Focusing on the big risks