There is nothing linear about cyber security
The pressure to achieve cyber risk resilience is real. Conversations concerning resilience abound in business circles and the need to achieve a secure state is warranted when one considers that
by 2021, cyber events are expected to annually cost $6 trillioni.
Companies are digitising most of their processes; employees often operate remotely; more than 80% of U.S. companies support bring-your-own-device (BYOD) policiesii; and regulation is becoming ever-more complex. Cyber as a risk is felt far beyond IT and the CISO’s office.
The Cyber Loop
The Cyber Loop acknowledges that each organisation will start its cyber security journey from one of four entry points: assessment, quantification, insurance or incident response readiness (IR).
Once in the Cyber Loop, the organisation becomes an active participant in managing risk and an active participant in a greater cyber security ecosystem, engaged in continuous review, improvement and investment in cyber risk management.
As data is collected – assessment results, quantification studies, insurance limits, peer benchmarking, claims, threat intelligence and experience garnered from actual incident response – the Cyber Loop brings everything together into one data ecosystem. With each revolution around the Loop, more data is extracted and then re-invested back into the Loop.
The result is a fresh and large pool of data related to cyber risk that can be systematically accessed to inform and improve an organisation’s resilience. As a company circles the Cyber Loop, it strengthens its ability to rapidly detect, respond to and recover from a cyber attack. The ability to make informed decisions gets sharper and efficiencies are created. Resilience is improved.
Download the full report to learn more about the four entry points for managing cyber risk.
i Cisco/Cybersecurity Ventures 2019 Cybersecurity Almanac
ii Syntonic 2016 Report, BYOD Usage in the Enterprise