The FICO Data Privacy Policy explains FICO’s collection and use of cookies. Cookies help us remember your settings to provide you with a better browsing experience; allow us to assess, monitor, and improve the website’s performance; and enable our partners to advertise to you. You may disable the cookies by changing the settings in your browser, and you may tell us not to share your cookie data with third parties. By using this website, you consent to the use of cookies as described in the FICO Data Privacy Policy.
Cybersecurity strategies often consist of “whack-a-mole” exercises focused on the perpetual detection and mitigation of vulnerabilities. As a result, organizations must re-think the ever-escalating costs associated with vulnerability management. After all, the daily flow of cybersecurity incidents and publicized data breaches, across all industries, calls into question the feasibility of achieving and maintaining a fully effective defense. The time is right to review the risk management and risk quantification methods applied in other disciplines to determine their applicability to cybersecurity. These proactive and systematic approaches may provide better quantification of the effectiveness of cybersecurity management practices.
The banking industry, as an example, bears similar risks in its management of credit card risk and has a long history of successfully applying predictive analytics and statistical methods to effectively identify, quantify and predict these risks. Forewarned is, after all, forearmed. If these predictive analytics could be used to harness the risk of data breaches, the damages (both financial and reputational) could be reduced or avoided by a data-driven organization. Similar large-scale data analysis and modeling techniques are commonly used to underwrite property and casualty insurance or assess credit or interest rate risk. In this paper we will explore the potential of forecasting cybersecurity risk with a detailed explanation of the underlying technologies and analytics.