Using the RiskLens My Cyber Risk Benchmark tool, we can estimate the probable effect (in annualized dollar amounts) of a ransomware incident on a government agency of Suffolk Country’s size:
According to the 2022 Verizon DBIR, the public administration sector was hit with 2,792 cyber incidents in 2021, including 537 data breaches. That placed this industry at number three for total incidents, also number three for data breaches, out of 21 surveyed.
The RiskLens data science team estimates risk for companies in an industry category based on the cyber events history plus a wide range of parameters such as revenue (or government budget), number of employees and number of database records.
In RiskLens modeling, a ransomware event for a government agency of Suffolk County’s size comes in relatively low at a 14.5% probability in a year, but that’s relative to the very high probabilities for other forms of attack, as shown in the chart below. Public administration is the most likely to be targeted and the least well-protected among industry types.
Adjusting the parameters on the My Cyber Risk Benchmark tool gives clues on how to reduce cyber loss exposure.
For instance, reducing the number of records in a database, but leaving the other settings the same for a public agency of Suffolk County’s characteristics shows this $1.3M improvement for a ransomware event
To rate security posture, the Benchmark tool incorporates grading by Security Scorecard. Here’s how the annual probabilities of a ransomware attack go up for a government organization comparable to Suffolk County as security grades go down, suggesting the value of controls investments. (Security Scorecard rated Suffolk County at “D”).
Try the My Cyber Risk Benchmark tool for yourself – get a free trial.