Effective cyber risk management and privacy protection require a comprehensive framework based on three pillars — people, processes and technology.