Cybersecurity Cost Effectiveness for Business Risk Reduction

This report, conducted by the Cambridge Centre for Risk Studies, shows that investments in security controls can reduce organizations' financial exposure, and modeling financial loss can help companies make better security investment decisions.

The report details the process of modeling a framework designed to quantify the potential risk reduction from implementation of control improvements. It also explores the results of applying the framework to three hypothetical companies in different sectors.

Four controls from the CIS Top 20 were used for modeling:

  • Control 3: Continuous Vulnerability Management
  • Control 5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  • Control 8: Malware Defenses
  • Control 19: Incident Response and Management

You’ll also get detailed information about the state of cyber risk today, including:

  • Ransomware trends
  • Data breach trends
  • Cloud outage trends
  • Cyber threat actors
  • Digital supply chain risk
  • Cyber security regulatory reporting

The Cambridge Centre for Risk Studies at the University of Cambridge Judge Business School provides frameworks for recognising, assessing and managing the impacts of systemic threats. It’s research is focused on how the impact of catastrophic events ripple across an increasingly connected world with consequent effects on the international economy, financial markets, firms in the financial sectors and global corporations.

Download the free report.

Cambridge Univ and BitSight - CYBER SECURITY COST EFFECTIVENESS FOR BUSINESS RISK REDUCTION
bitsight