Intelligent Tech Channels Issue 46 | Page 40

through an integrated view of how well an organisation manages its unique set of risks.”
The building block of IRM is enterprise risk. Currently, organisations have tried and failed to protect data by looking at cybersecurity through compliance frameworks only, with point-in-time reports from siloed tools. It is time they moved from reactive and defensive risk management to predictive risk management through breach likelihood, which simplifies cybersecurity.
About the author
Saket Modi is the Co-Founder and CEO of Safe Security, a Cybersecurity and Digital Business Risk Quantification platform company. A computer science engineer by education, he founded Safe Security in 2012 while in his final year of engineering. Incubated in IIT Bombay and backed by Cisco’s former Chairman and CEO John Chambers, Safe Security protects the digital infrastructure of multiple Fortune 500 companies around the world with its cyber-risk measurement and mitigation platform called SAFE. Modi is a part of Fortune Magazine’s 40-under-40, Entrepreneur Magazine’s 35-under-35 and Forbes Magazine’s 30-under-30 lists, among others.
Computing an enterprise’s breach likelihood leverages technology that is not alien to the BFSI sector. Machine Learning-enabled predictions are already being deployed in insurance, employee welfare and customer experience. A large online payments system uses Deep Learning, algorithms, multi-class models and more to sieve fraudulent and genuine transactions by deriving actionable insights from their story-model analysis.
Cybersecurity can also be simplified using technology that already exists. The fundamental element of cybersecurity is as basic as knowing the enterprise breach likelihood that can be calculated from enterprise-wide signals.
Breach likelihood prediction in the banking sector shifts power to the cybersecurity team and the organisation, enabling them to prevent rather than react to threats. Be it the possibility of a breach through ransomware, cloud misconfigurations or business email compromise, breach likelihood gives an as-is metric for cyber-risks and a means to prioritise vulnerabilities.
This simplifies the understanding and management of cybersecurity. FIs willing to invest in methods that simplify cybersecurity can begin with:
• Stepping away from a compliance-only qualitative approach to ensure no vectors – people, processes, technology or cybersecurity products for both first and third parties – go unaddressed
• Consolidating reports from all cybersecurity products/services to a single dashboard. This will help security and risk management teams prioritise risks across the enterprise in a single view
• Measuring their cyber-risk posture in its as-is state. They can then either accept the risk and improve their risk posture by purchasing cyber insurance; accept the risk and forgo any changes, especially when the investment required to mitigate the risk is larger than its dollar-value impact; or mitigate the vulnerabilities by defining their cyber-risk appetite and cyber-risk tolerance
To date, the fundamental approach to securing any business has been reactive. Investments in cybersecurity have historically maintained a check-the-box approach to meet compliance and audit requirements. There are many distractions and abstractions surrounding cybersecurity, especially when it is a qualitative analysis. Once the foundation is solid, with industry-wide adoption of breach likelihood, cybersecurity will become a solution rather than the problem that security executives perceive it to be right now.