Network Rail has revealed how it has developed new risk management strategies in order to take a broader but more nuanced approach to assessing potential threats to its business.

The company, which owns and manages the majority of rail infrastructure in England, Scotland and Wales, is trying to move away from the outdated, one-dimensional perception of risk management.

Speaking at Computing magazine's Enterprise Security and Risk Management Summit 2015, Paul Watts, head of information security at Network Rail, said the traditional view of corporate risk management focuses on potential impediments to achieving key business outcomes.

In the past, methods of measuring risk have been similarly blinkered, failing to look beyond the probability of certain problems and their potential impact.

"That single dimension of risk measure no longer supports the modern-day demands for good enterprise risk management," said Mr Watts.

The Network Rail executive illustrated his point by referring to how less mature companies typically approach risk management - by developing and implementing a rigid strategy that is not revisited for years, by which time the risk environment has altered dramatically.

Discussing the unique methodology his own company is now using, Mr Watts said risk assessment should be a flexible, considered process that takes into account various potential outcomes.

"Risk is [now] measured and qualified against multiple vectors of risk outcome or impact such as safety - which is absolutely critical to Network Rail - financial, legal, regulatory and reputational," he explained.

In light of the new threats emerging in the digital age, one of the company's biggest risk management considerations - particularly when it comes to acquiring new digital technologies for railways - is cyber security.

Mr Watts revealed that security assurance and asset security accreditation schemes are among the main components of Network Rail's ongoing cyber security business transformation programme.