An insight report written by PWC which gives an overview of how businesses can effectively and proactively manage cyber security risk. They argue that a different mindset is needed. One that enables you to communicate a forward-looking view of how external threats and organisational changes should impact your security investment decisions. 

Full report in the link below:

https://www.pwc.co.uk/issues/cyber-security-services/insights/improve-risk-management-with-data-driven-framework.html