GV.OC-02 focuses on identifying and comprehending the stakeholders—both within and outside the organization—who influence or are impacted by cybersecurity risk management. Internally, this includes employees, executives, and advisors with expectations around performance and culture, while externally, it involves customers, partners, regulators, and society, each with distinct needs like privacy or compliance. Recognizing these stakeholders ensures their perspectives shape risk management strategies effectively.

By considering stakeholder needs, organizations can tailor cybersecurity measures to meet diverse requirements, such as safeguarding customer data or adhering to regulatory standards. This subcategory promotes a holistic approach, fostering communication and collaboration to balance internal priorities with external obligations. It underscores that cybersecurity is not just a technical issue but a relational one, requiring ongoing engagement to maintain trust and alignment.