Intelligent Issue 31 - Page 42



Daniel Caban , Regional Leader – META , Mandiant Consulting and expertise to effectively manage cyberrisks , making them attractive targets . The rapid adoption of digital technologies , such as cloud services , remote work and Internet of Things ( IoT ) devices , increases the attack surface and introduces the risk of new vulnerabilities . As someone with extensive experience in the Middle East market , I have witnessed firsthand the devastating impact of a data breach . The average cost of a data breach in 2020 was approximately US $ 6.53 million , emphasising the gravity of the situation for public and private sector to take proactive steps to enhance cybersecurity measures and stay ahead of potential threats . Moreover , businesses in the region have started investing heavily in cybersecurity solutions and training their staff to identify and respond to potential threats .
What exactly is a cyber-risk profile ?

Cyber-risk profiles assess a company ’ s exposure to attacks , vulnerabilities and potential consequences of security incidents . It shapes cybersecurity strategy by identifying and managing digital risks and helps evaluate key factors , including assets , threats , likelihood , impact , controls and risk tolerance .
Assets include critical digital components , such as hardware , software and data . Threats refer to external and internal actors capable of exploiting digital vulnerabilities . Likelihood estimates the probability of threats materialising , while impact assesses the potential consequences of successful attacks . Controls evaluate existing security measures , highlighting areas for improvement . Risk tolerance defines acceptable risk levels .
With a cyber-risk profile , companies can allocate resources effectively , implement better security measures and develop a proactive cybersecurity strategy aligned with business objectives and risk tolerance , ultimately minimising the likelihood and impact of incidents . While information overload is clearly identified as a challenge for almost every organisation based on the above , nearly half ( 47 %) of respondents to Mandiant ’ s report said applying intelligence effectively throughout an organisation was one of the biggest challenges they faced when using threat intelligence and 38 % said another was knowing what to do with the information .
Cyber-risk management framework implementation
A comprehensive cyber-risk management framework ( CBRMF ) provides a structured approach to identifying , assessing , mitigating and monitoring cyber-risks within a company . A CBRMF helps organisations understand their exposure , make informed decisions and allocate resources effectively to minimise the likelihood and impact of cyber incidents . The critical outcomes of such a framework include implementing technical controls , developing security policies , educating employees , creating incident responses and Business Continuity plans and , ultimately , continuous risk monitoring with regular reporting .
By incorporating this framework , companies can proactively address cyber challenges , align security efforts with business objectives and enhance resilience in the face of an everevolving threat landscape .
Embedding cyber-risk management into company culture
A company ’ s culture can benefit significantly from embedding cyber-risk management , particularly when it comes to smaller businesses where you have a more close-
. tech
Intelligent SME . tech