AGC's 13th Annual West Coast Conference Book

Cyber Risk Assessment

Abstract: As cybercrime continues to proliferate across the globe, cyber risk is no longer just an issue for CISOs and now demands attention from the Board of Directors, management, and the broader organization. High profile data breaches over the past decade have not only led to financial loss, but also paralyzing brand reputation damage. Adding to the scrum, the propagation of IoT and digitalization of corporations have created an unprecedented level of cyber interdependency, increasing the odds that the effects of an attack could be broad and cascade across the ecosystem – a “Cyber Hurricane” scenario. Companies are proactively moving to understand and assess their exposure through a unified picture of third party vendors, internal controls, and security procedures. Because of the size, complexity, and constant evolution of attack vectors, there is no simple, one-size-fits-all approach to managing the risks associated with cyber crime. However, it is essential to establish a baseline for identifying critical components that must be incorporated into the risk management strategy. Even as standards and best practices begin to solidify, areas and techniques of assessment still vary between cybersecurity companies. Nonetheless, the common goal of understanding an enterprise’s exposure is the quantification of risk and how to track that over time. The evolving threat landscape has made quantifying risk a complex and difficult exercise. This dynamic field of risk, in itself, drives greater spend for growing sub-verticals around strategic advisory services for quantifying data breach risk. Attorneys, threat mitigation firms, and consulting firms are investing more time and resources to provide risk management and resilience consulting services as organizations face the reality that they need help to effectively plan and respond to an attack.
These vendors help companies understand and benchmark their cyber posture so leadership can manage exposure in the same manner as other enterprise risks. This panel will be an informative discussion about the growing cyber risk assessment ecosystem and the rapid adoption of these vendors as companies harden their defenses against cyber crime.

Market Statistics, Sizing/Growth:

• The Integrated Risk Management market is expected to grow at a 15% CAGR reaching $5.7B by 2021 from $2.9B today (Gartner)

• Global cyber crime is estimated to cost between $375B and $575B annually (McAfee, CSIS), expected to grow to $2.1T by the end of the decade (Juniper Networks)

• Since 2005, there have been nearly 6,800 data breaches exposing 886 million records (ITRC)

• The average cost of a data breach grew from $3.8M in 2015 to $4.0M in 2016 (Ponemon Institute)

• 66% of public company board members are not fully confident their companies are properly protected against a cyber attack (NYSE)

• Annual gross written premiums for cyber insurance rose 20% since last year to $3.25B (Betterley)

Discussion Topics:

• What are the core techniques of an assessment and how do methodologies compare across vendors?

• What are the typical challenges encountered when assessing an enterprise’s security posture?

• How do you address the human element when building a cyber resilience plan?

• With the cyber insurance market dominated by North America, how do you see growth abroad for these consulting and assessment services?

• What proportion of companies have dedicated cyber resilience budgets?

• How do you see government regulations contributing to the adoption of security assessments?

• How is the proliferation of data and applications to the cloud impacting the threat environment?

• How often are you partnering with cyber insurance providers in the underwriting process?
