Cyber Security risk assessments are important not only because they are required, but because they help to secure a balance between our concerns with what may go wrong and our ability to invest against those threats. But if we are unaware of the potential harm that can come when strangers read our risk register, or if we do not write risks so that they reflect the obligations we owe others, then, ironically, we are allowing our risk assessments to increase risks.