Intelligent CISO Issue 44 | Page 43

It is time they moved from reactive and defensive risk management to predictive risk management through breach likelihood.
www.intelligentciso.com
EXPERT OPINION

misconfigurations or business email compromise, breach likelihood gives an as-is metric for cyber-risks and a means to prioritise vulnerabilities.
This simplifies the understanding and management of cybersecurity. FIs willing to invest in methods that simplify cybersecurity can begin with:
• Stepping away from a compliance-only qualitative approach to ensure no vectors (people, processes, technology or cybersecurity products, for both first and third parties) go unaddressed.
• Consolidating reports from all cybersecurity products/services to a single dashboard. This will help security and risk management teams prioritise risks across the enterprise in a single view.
• Measuring their cyber-risk posture in its as-is state. They either accept the risk and improve their risk posture by purchasing cyber insurance; accept the risk and forgo any changes, especially when the investment required to mitigate the risk is larger than its dollar-value impact; or mitigate the vulnerabilities by defining their cyber-risk appetite and cyber-risk tolerance.
To date, the fundamental approach to securing any business has been reactive. Investments in cybersecurity have historically maintained a check-the-box approach to meet compliance and audit requirements.
There are many distractions and abstractions surrounding cybersecurity, especially when it is a qualitative analysis. Once the foundation is solid with industry-wide adoption of breach likelihood, cybersecurity will become a solution rather than the problem that security executives perceive it to be right now.
