A well-known hacking group has publicly stated they will target a company. What is the risk professional's FIRST action?

Prepare for the CISSP Domain 4 exam. Study with multiple-choice questions on risk and control monitoring and reporting. Get ready for your CISSP certification!

The first action a risk professional should take when a well-known hacking group announces their intent to target a company is to inform senior management about the threat. Senior management has both the authority and responsibility for making strategic decisions regarding the company's security posture and resource allocation.

By communicating this information to senior management first, the risk professional ensures that the leadership is aware of the potential risk and can initiate an appropriate and proactive response, such as deploying additional security measures, allocating sufficient resources, or formulating a coordinated incident response plan. Senior management may also decide to inform other stakeholders or legal entities as part of their risk management strategy.

Keeping senior management informed allows for a more centralized and comprehensive approach to risk mitigation, ensuring that all actions taken are in alignment with the organization’s overall strategy and that the organization's resources are effectively utilized to address the threat.
