Cybersecurity strategies often consist of “whack-a-mole” exercises focused on the perpetual detection and mitigation of vulnerabilities. As a result, organizations must re-think the ever-escalating costs associated with vulnerability management. After all, the daily flow of cybersecurity incidents and publicized data breaches, across all industries, calls into question the feasibility of achieving and maintaining a fully effective defense. The time is right to review the risk management and risk quantification methods applied in other disciplines to determine their applicability to cybersecurity. These proactive and systematic approaches may provide better quantification of the effectiveness of cybersecurity management practices.
The banking industry, as an example, bears similar risks in managing credit cards and has a long history of successfully applying predictive analytics and statistical methods to identify, quantify and predict these risks. Forewarned is, after all, forearmed. If these predictive analytics could be applied to the risk of data breaches, a data-driven organization could reduce or avoid the resulting damages, both financial and reputational. Similar large-scale data analysis and modeling techniques are commonly used to underwrite property and casualty insurance or to assess credit or interest rate risk. In this paper we will explore the potential of forecasting cybersecurity risk, with a detailed explanation of the underlying technologies and analytics.