CYBER RISK – From the CONTROL room to the BOARD room
Keywords: Cyber risk, Bayesian Inference, Monte Carlo Simulation, Loss Distribution
Cyberthreats and the cybersecurity industry have grown rapidly, hand in hand. When you consider that the entire industrial world depends on information technology and operational technology solutions, it is not hard to understand why. Ransomware targeting critical infrastructure, covert spyware and network failures caused by human error all have a serious impact on an industrial enterprise’s bottom line at various time horizons. This is the definition of cyber risk, and defending against it is big business. But what good is a defense without knowledge of the risk event’s impact? Do we know how cyber risks will affect our operation? How much risk exposure is our business holding at any one time?
Quantifying cyber risk is hard. Cyber risk is dynamic and volatile and, unlike other sources of risk, it is subject to human factors such as motive. Without understanding cyber risk in terms of probabilities and financial terms, no organization can truly mitigate the impact that emerging cyberthreats can have on its bottom line, on its employees and shareholders, or even in relation to regional laws. Therefore, true cyber risk quantification with real-time, evidence-based data is needed. Just as information technology and risk modeling have armed the economy with new measures of efficiency, they should also be used to manage cyber risk.
Talk given at the HackOn 2022 event, organized by the Universidad Rey Juan Carlos in Madrid, Spain.
The event took place on February 16, 2022.