The guidance states that “In order to understand the cyber risk to your business, you should conduct a Cyber Risk Assessment. This will help to ensure that your approach to cyber security is proportionate. Whilst there is no prescribed format for this, it should be based on the Risk Management processes detailed below. Note that the risk assessing is a continuous, on-going process which you will need to revisit as your business changes and / or threats evolve.”
The guidelines help organisations understand how to assess the risk, impact, threats and vulnerability, and they offer other guidance and toolkits.