The future of cyber risk management – predicting breaches


“Progress is impossible without change, and those who can’t change their mind can’t change anything,” said the prolific writer and critic George Bernard Shaw. The quote rings especially true for cybersecurity today, where progress against the threats it faces has been slow. On March 7, 2022, Samsung confirmed a Lapsus$ ransomware attack that also targeted giants such as Microsoft, Okta, and Nvidia. The group claimed access to nearly 200GB of data, including source code used by Samsung for encryption and biometric unlocking features on Galaxy devices.

The growth and interconnection of devices and platforms, and their use in our daily lives, has truly changed the way technology is used – from back-office automation to business enabler. Traditional businesses have been disrupted by technology – AirBnB has disrupted the hospitality industry, Uber has disrupted the transportation industry, and Tesla has disrupted the automotive industry. This does not mean that there was no progress before these companies arrived. Rather, it is evidence of our growing reliance on “cyber” for progress. But it has also led to an increase in the number and sophistication of the cyber threats we face. When adopting technology, it’s crucial to think about cybersecurity by design, not as an afterthought.

The timeline so far

According to the World Economic Forum’s 2022 Global Outlook Report, the cost of security breaches to an organization averages US$3.6 million per incident. In fact, according to a NASDAQ report, 14 market days after a breach becomes public, the stock’s average price bottoms out and underperforms the NASDAQ by -3.5%. This implies that a breach has an impact on trust in the business, which is directly felt up and down. Beyond the economic losses, the reputational consequences for brands and companies after an incident can be significant – a clear example of fundamentals impacting sentiment.

Gartner reported that over the past five years, the percentage of boards that consider cybersecurity a business risk has risen from 58% to 88%, and proportionally, cybersecurity spending hit an all-time high of $152 billion in 2021. Despite these changes, cybercrime inflicted damage worth $6 trillion worldwide in 2021!

So what is the missing piece of the puzzle?

In today’s digital world, businesses are also processing more data than ever before. The World Bank estimates that by 2022 total annual internet traffic will reach 4.8 zettabytes. As the World Economic Forum puts it, if you were to store 4.8 zettabytes on DVD, your DVD stack would be long enough to circle the Earth six times! This is a massive 50% increase over 2020, and yet another reason to take a ‘two steps ahead’ approach to cybersecurity.

Businesses can no longer rely solely on traditional cybersecurity methods. The need of the hour is a systemic shift in perspective on how we think about cybersecurity – from a reactive, siloed approach that lacks a common business context, to one that is integrated, proactive, and speaks the language of the business.

How do we do this?

Prediction is power

Using machine learning and data science to enhance and improve user experience has become common practice in many industries, such as healthcare, financial services, marketing, technology and entertainment. For example, Netflix harnesses the power of data science to predict what you’re likely to watch next based on your previous selections and content viewing history.

What if we applied similar fundamentals, backed by strong data science principles, to make cybersecurity proactive and predictive?

Fix it before it breaks

According to a Harvard Business Review report, 52% of business leaders believe automation is critical to their security operations. For businesses and enterprises to realize their full business potential, they must leverage the power of artificial intelligence (AI), machine learning (ML) and automation across functions, and cybersecurity is no different. IBM reports that the use of AI and automation in cybersecurity has had the greatest positive impact on costs – with breach costs being 80% higher in organizations where AI and automation are not deployed.

Companies need to move away from traditional siloed and reactive cybersecurity practices and adopt a more proactive, predictive and integrated approach that takes the business context into account. Cybersecurity can no longer be communicated through technical jargon, but through a language that every stakeholder understands – monetary value at risk.

Security and risk managers don’t need more dashboards, they need insights. Using cyber risk quantification platforms that are backed by strong data science principles, business leaders can finally take the guesswork out of cybersecurity.



The opinions expressed above are those of the author.


