What should a company do when it encounters an unacceptable risk?


When a company encounters a risk that exceeds its risk acceptance criteria, the correct response is to identify a relevant mitigation strategy: a risk treatment that reduces the risk to a level the organization has defined as acceptable. This is what ISO 27001 expects of an information security management system: the risk assessment identifies and evaluates the risk (likelihood and impact), the risk treatment process selects the controls needed to address it, and the chosen controls are recorded in a risk treatment plan and reflected in the Statement of Applicability. Mitigation can take several forms, such as implementing new controls, strengthening existing processes, training staff, or deploying technical measures that reduce the underlying vulnerability. The residual risk after treatment should be re-evaluated and formally accepted by the risk owner.

Developing new products does not address the risk and may divert resources away from the issue at hand. Increasing marketing efforts likewise has no bearing on risk management; it targets business growth without resolving the vulnerability. Terminating the affected operations (risk avoidance) is a legitimate treatment option under ISO 27001, but it is normally a last resort, because it removes the business activity along with the risk and can cause significant disruption and loss. A relevant mitigation strategy, by contrast, targets the specific risk, is proportionate to its assessed impact, and aligns with both business objectives and compliance requirements, which makes it the most appropriate course of action.
