This is an excellent introduction to what we've been doing wrong as risk managers. It also offers an introduction to quantitative risk management techniques as a solution, but its strength is in clearly outlining the many weaknesses we humans have in thinking about risk - the "Why it's broken" portion of the book.
I'm going to need another source on "how to fix it", where this book falls down somewhat, being less clear on the actual implementation of quantitative risk management methodologies than it is on explaining why those methods are the solution.
Still, this book is very widely recommended among risk managers in forums/Linkedin/etc today, and it's on the strength of the first portion of the book, which shakes up complacency about downright silly practices like heuristically labeling risks as "likely" and "medium impact". It really should be required reading for anyone practicing enterprise risk management today.