Quantifying the Impact and Risk of a Cyber-Attack

The thought of cyber-attacks has made some organizations increase their spending on resources to focus on improving awareness and the overall posture of data security. The question is: how much does an organization want to spend to quantify the impact and risk of a cyber-attack?

At its annual meeting in January 2015, the World Economic Forum released an initial report to build a common framework to quantify the impact and risk associated with cyber-attacks. However, a tremendous amount of effort still needs to occur to unify a common approach. The World Economic Forum suggests using the value-at-risk mathematical function widely adopted by the financial services industry, which would help measure the tradeoff between value gained through investments and the potential risks assumed. The three main components factored into the value-at-risk model are assets, the potential attacker, and vulnerabilities. As organizations focus on criminal-based motives, they also need to consider potential terrorism, espionage, and even warfare-led motives. This is an overwhelming thought for many organizations that are underfunded and unprepared.

The organization’s assets sit at the center of this value-at-risk model. Intangible assets, including privacy data, if stolen, could impact the organization’s reputation or brand, whereas tangible assets, including infrastructure, systems and production, if compromised, could impact temporary or even long-term business operations. The financial impact of a potential security breach and the possibility that an organization could become a target are both driven by the organization’s assets. The issue becomes calculating the costs of the assets and overall business to drive the risk acceptance.

The last component within the value-at-risk model is an organization’s vulnerabilities, which relate to the systems in place and to the administrators and users of those systems who serve to protect the assets. The probability of a breach can be based not only upon the value of the assets targeted, but also upon an adversary’s knowledge of an organization’s vulnerabilities.

By analyzing the connection between these three major components, organizations can better understand their unique risk posture. What is your organization doing to quantify the value and impact of potential breaches?

Source:  http://www.securityweek.com/economics-cybersecurity-are-scales-tipped-attacker


© 2021 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
