Quantifying the Impact and Risk of a Cyber-Attack

The thought of cyber-attacks has made some organizations increase their spending on resources to focus on improving awareness and the overall posture of data security. The question is how much does an organization want to spend to quantify the impact and risk of a cyber-attack?

At its annual meeting in January 2015, the World Economic Forum released an initial report to build a common framework to quantify the impact and risk associated with cyber-attacks. However, a tremendous amount of effort still needs to occur to unify a common approach. The World Economic Forum suggests using the value-at-risk mathematical function widely adopted by the financial services industry, which would help measure the tradeoff between value gained through investments and the potential risks assumed. The three main components factored in the value-at-risk model include: assets, the potential attacker, and vulnerabilities. As organizations focus on criminal-based motives, they also need to consider potential terrorism, espionage, and even warfare-led motives. This is an overwhelming thought for many organizations that are underfunded and unprepared.

The organization’s assets sit at the center of this value-at-risk model. Intangible assets, including privacy data, if stolen, could impact the organization’s reputation or brand; whereas, tangible assets, including infrastructure, systems and production, if compromised, could impact temporary or even long-term business operations. The financial impact of a potential security breach and possibility an organization could become a target is driven by the organization’s assets. The issue becomes calculating the costs of the assets and overall business to drive the risk acceptance.

The last component within the value-at-risk model is an organization’s vulnerabilities, which relate to the systems in place, the administrators and users of those systems who serve to protect the assets. The probability of a breach can not only be based upon the value of the assets targeted, but also by an adversary’s knowledge of an organization’s vulnerabilities.

By analyzing the connection between these three major components, organizations can better understand their unique risk posture. What is your organization doing to quantify the value and impact of potential breaches?

Contact us if you would like to learn more about cybersecurity and how Schneider Downs can help your organization and visit the Cybersecurity blog for other articles pertaining to protecting your organization.

Source:  http://www.securityweek.com/economics-cybersecurity-are-scales-tipped-attacker

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2021 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
President Biden Signs K-12 Cybersecurity Act into Law
What Are the Top Cybersecurity Questions of 2021?
The Benefits of Having an Independent SAP Controls Team on Your SAP S/4HANA Project
Cybersecurity Awareness Month 2021
Biden Administration Announces First Ever Sanctions Against Cryptocurrency Exchange
Apple Releases Emergency Security Update to Address Critical Spyware Vulnerability
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.