The biggest challenge regarding cyber security is to estimate cyber risk in a credible, sustainable and fast way. In fact, among the various most sought-after roles in the sector, that of the so-called Cyber Calamity Forecaster stands out, a sort of cyber «prophet of doom», which grew by 28% in the first quarter of 2021 alone.
This role deals with the assessment of IT risk: it confirms the risk indicators (the so-called key risk indicators, or KRI) and defines the strategy for mitigation interventions. It responds to the need for companies to work alongside an expert who can validate cyber risk estimates, weigh the pros and cons of each choice, and anticipate trends in the cyber crime world. The forecaster is therefore useful for compensating for the limitations of risk forecasting models and implementing a truly proactive approach to cyber security. A highly complex if not almost impossible job.
In general, the direct and indirect costs of a cyber attack are constantly growing. To maintain defense measures, companies find themselves facing a problem made up of different variables: technologies, necessary skills and management costs. In other words, the company finds itself having to make immediate medium-term strategic choices to remain safe and to protect data and operational continuity, drawing on technologies and skills that are sustainable for the company and available on the market or internally.
Therefore, every company that wants to mitigate the risk associated with these growing threats needs to take action: rather than trying to protect every single computer or system from attacks, it must focus on protecting critical resources, those without which the organization cannot operate, the assets that are crucial to corporate life.
Cybercrime constantly changes its skin and tactics: attacks come from nowhere and go nowhere, only the victims are known. A typical cyber attack has execution times of the order of a few hours maximum, if not a few minutes, and the evidence (i.e. the data on which to base the risk estimate) is often hidden under layers of technologies or absent altogether. The source of risk is constantly changing, at a pace that modeling cannot sustain. Risk calculation models, in fact, must address two different sources of risk: the internal evolution of cybercrime and the creation of new attack opportunities arising from the digitalisation of services. In general, the problems of cyber risk estimation systems can be summarized as:
- Trustability of cyber risk estimates: organizations do not trust the risks as presented and worry about the risk of allocating their limited resources, money and time to mitigate the wrong risks;
- Explainability of cyber risk: risk assessment involves a lot of knowledge and often implicit assumptions. This leads to non-transparent assessments, presented separately from the data that generated them and the hypotheses that lead to the estimate;
- Then there is the problem of «black swans» or high-impact low-probability (HILP) risks in which a risk is perceived as so rare that it does not deserve a specific resilience activity.
Not to mention the human element, which causes approximately 95% of successful attacks. People are considered the weakest link, or the element with which the most critical level of risk is associated. It was cyber crime that brought out this vulnerability, making use not only of hacking skills, but also of a notable cynicism in the ways in which human beings are deceived. From the point of view of estimating cyber risk, humans represent a further element of uncertainty because a person's behavior varies from moment to moment and is generally hard to predict.
Making cybersecurity sustainable for SMEs therefore represents a complex challenge from various points of view. But if the right precautions are implemented, the damage can be considerably limited. Thanks, for example, to the Lokky Cyber Risk Policy, the insured receives coverage of expenses and losses resulting from cyber attacks, as well as the intervention of an expert for the recovery of lost data and for decontamination from any malware. Cyber attacks are unpredictable and highly damaging to the performance of your business. Relying on an advanced insurance broker, able to assist and advise the company also in managing the claim, can make the difference between the positive or negative performance of a business that has suffered a cyber attack.
