We’re not ambulance chasers, but a formal cybersecurity risk assessment and analysis with the output expressed in loss-event-frequency and loss-magnitude would seem appropriate right now for Anthem given their recent breach. The unfortunate reality is that the event just happened (likely caused by compromised credentials from phishing attacks) and there will be a substantial cost to Anthem and the insurance carriers. This has brought visibility to the problem and now executives need to be better prepared for inevitable future events. Personal data and medical records are a lucrative target (with some estimates putting the value from $20 to $1000 per record). Factor Analysis of Information Risk and RiskCalibrator can bring clarity to future mitigation strategies.
The CXOWARE Blog
Welcome to the CXOWARE blog. We hope you’ll join us for lively and good natured discussion about risk and risk issues! We’re risk geeks, plain and simple. We’re big advocates of the Factor Analysis of Information Risk (FAIR) framework for quantifying risk.