Estimating cyber risk: importance and difficulties encountered


The biggest challenge in cyber security is estimating cyber risk in a credible, sustainable and fast way. In fact, among the most sought-after roles in the sector, that of the so-called Cyber Calamity Forecaster stands out, a sort of cyber «prophet of doom», which grew by 28% in the first quarter of 2021 alone.
This role deals with the assessment of IT risk: it confirms the risk indicators (the so-called key risk indicators, or KRIs) and defines the strategy for mitigation interventions. It responds to the need for companies to work alongside an expert who can validate cyber risk estimates, weigh the pros and cons of each choice, and anticipate trends in the cyber crime world. The forecaster is therefore useful for compensating for the limitations of risk forecasting models and implementing a truly proactive approach to cyber security. A highly complex, if not almost impossible, job.

In general, the direct and indirect costs of a cyber attack are constantly growing. To maintain their defense measures, companies have found themselves facing a problem made up of different variables: technologies, necessary skills and management costs. In other words, the company finds itself having to make immediate medium-term strategic choices to remain safe and to protect data and operational continuity, drawing on technologies and skills that are sustainable for the business, whether available on the market or internally.

Therefore, every company that wants to mitigate the risk associated with these growing threats needs to take action: rather than trying to protect every single computer or system from attacks, it must focus on protecting critical resources, those without which the organization cannot operate, the assets that are crucial to corporate life.

Cybercrime constantly changes its skin and tactics: attacks come from nowhere and go nowhere, and only the victims are known. A typical cyber attack has execution times of the order of a few hours maximum, if not a few minutes, and the evidence (i.e. the data on which to base the risk estimate) is often hidden under layers of technologies or absent altogether. The source of risk is constantly changing, at a pace that is unsustainable for modeling. Risk calculation models, in fact, must address two different sources of risk: the internal evolution of cybercrime and the new attack opportunities created by the digitalisation of services. In general, the problems of cyber risk estimation systems can be summarized as follows:

  • Trustability of cyber risk estimates: organizations do not trust the risks as presented and worry about the risk of allocating their limited resources, money and time to mitigate the wrong risks;
  • Explainability of cyber risk: risk assessment involves a lot of knowledge and often implicit assumptions. This leads to non-transparent assessments, presented separately from the data that generated them and the hypotheses that lead to the estimate;
  • Then there is the problem of «black swans» or high-impact low-probability (HILP) risks in which a risk is perceived as so rare that it does not deserve a specific resilience activity.

Not to mention the human element, which causes approximately 95% of successful attacks. People are considered the weakest link, or the element with which the most critical level of risk is associated. It was cyber crime that brought out this vulnerability, making use not only of hacking skills, but also of a notable cynicism in the ways in which human beings are deceived. From the point of view of estimating cyber risk, humans represent a further element of uncertainty, because a person's behavior varies from moment to moment and is generally hard to predict.

Making cybersecurity sustainable for SMEs therefore represents a complex challenge from various points of view. But if the right precautions are implemented, the damage can be considerably limited. Thanks, for example, to the Lokky Cyber Risk Policy, the insured receives coverage of expenses and losses resulting from cyber attacks, as well as the intervention of an expert for the recovery of lost data and for decontamination from any malware. Cyber attacks are unpredictable and highly damaging to the performance of your business. Relying on an advanced insurance broker, able to assist and advise the company also in managing the claim, can make the difference between the positive or negative performance of a business that has suffered a cyber attack.
