Register to attend Justin’s SIRA presentation online, Friday, June 24, 2022, 11:00 AM PDT: Does Decomposing Losses Improve Our Understanding of the Financial Impact of Data Breaches? Admission is free, organization membership not required.
As Justin will discuss, previous modeling of the financial impact of a data breach has focused on the total loss amount. RiskLens analysis goes deeper by quantifying the components of loss exposure based on Factor Analysis of Information Risk (FAIR™), the international standard for cyber risk quantification that’s the foundation of RiskLens risk analytics.
In their latest work, Justin and team analyzed 18,000 unique cyber events, splitting their financial losses into three FAIR categories (Primary and Secondary Response Costs and Fines & Judgments) composed of six forms of loss: productivity, incident response, replacement cost, competitive advantage, fines/judgements, and reputation.
The researchers also examined the data from the viewpoints of seven variables: number of records breached, company revenue, region (European Union vs. North America), internal or external threat, error or malicious threat, data type and industry. And they applied four different analytical models as a reality check; previous data analyses have applied just one.
The goal of all this applied science: 1) the highest level of accuracy for the top-line loss numbers, and 2) the deepest insight into forms of probable loss, so cyber defenders can target controls, mitigation, or insurance with the most cost efficiency -- for instance, for a healthcare organization with a certain number and type of records, a certain level of revenue, etc.
Users of the RiskLens Enterprise platform for quantitative cyber risk analysis have the benefits of RiskLens data science built in, with pre-packaged data specific to their industry, size and the other variables, ready to plug and play in risk analysis. So do the customers of RiskLens Pro, the managed service, with RiskLens consultants running the analyses on the platform.
Now, any organization can take advantage of RiskLens curated data with My Cyber Risk Benchmark, an easy-to-use tool to quantify cyber risk and present it in terms the business understands. Quickly generate reports showing loss exposure in financial terms across the seven most common risk categories (ransomware, DDoS, etc.), tailored to the organization’s industry, geography, etc. Try it for free now.
Increased granularity of data analysis yields a complex picture of cyber risk with many non-intuitive findings:
This level of advanced analysis of cyber loss sets a high bar for the cybersecurity profession. As Justin says, “understanding the financial impact after an event is the first step to understanding how controls reduce a firm’s risk exposure – and that’s our big research push.”