Safe Security, a global leader in cybersecurity risk quantification and management, today released new findings that will empower CISOs, risk teams, C-Suites, and board members to design and implement an ROI-driven enterprise cyber risk management plan.
In order to truly manage cyber risk, organizations should be able to answer two questions: “What is the probability of an attack happening?” and “If an attack happens, what is the potential financial loss for my company?” To help organizations answer those questions based on industry data, Safe Security developed a research model that can predict the probability of a breach for any industry over the next 12 months.
Safe Security’s research shows that in the next 12 months:
- The probability of a healthcare company falling victim to a successful cyber attack is 25%, and 20% for a financial services company.
- There is a 10% probability that a healthcare or a financial services company will face an attack resulting in a data breach, and around 8% probability of these organizations facing a ransomware attack.
- Industries like manufacturing and retail face less than 15% probability of a successful cyber attack.
- In a ransomware attack, the cost of the ransom itself makes up only 10% of the total financial impact the attack would have against an organization. Other costs such as incident response and business interruption will have a much bigger financial impact on an organization.
- The financial impact of a successful breach on the retail and manufacturing sectors, while carrying only a 15% probability, would be more significant than in other industries due to potentially high business interruption costs.
Leveraging this research, Safe Security developed their CRQ Calculator, a free benchmarking tool providing outputs about the cyber health and potential financial risks of a specific industry. These outputs can be tuned specifically to a company based on its internal signals. Examples of how the calculator can be used include:
- CISOs can use this data to understand industry benchmarks and their baseline cyber risk, and to run customized cyber risk assessments using the Safe Platform to quantify their own risk, create a Cyber Risk Management plan and track ROI.
- Cyber insurance companies and brokers can use the calculator to assess their portfolio-level cyber risk, and adjust their pricing and coverage accordingly.
- Portfolio management companies or Private Equity Companies can estimate the financial risk due to the cybersecurity posture of their portfolio companies.
“As humans, we love predicting the future. Everything from which team will win tomorrow’s game, to the probability of rain next week. The Safe Security team feels just as passionate about helping organizations understand their cybersecurity risk through probability models,” said Saket Modi, co-founder and CEO of Safe Security. “Like financial risk, cyber risk needs to be managed in real-time based on data coming from internal and external environments. CISOs can use the Safe CRQ Calculator to gain a quantified baseline to draft their cyber risk management plan over the next 12 months.”
To build these predictive models, Safe Security filled gaps in publicly available data by applying internal cybersecurity threat expertise to a proprietary database of attack costs and metadata collected from primary sources. These sources include SEC filings, regulatory reports, legal documents, and budget reports covering more than 1,500 security incidents worldwide over the last 10 years; insurance claim reports from leading cyber insurers; hack analysis of more than 100 attacks; primary research with cybersecurity services firms; and telemetry on more than 400,000 assets collected from the Safe platform. To download a copy of the Safe CRQ Calculator white paper, click here.
Safe Security will update these models regularly, as external threat environments evolve. To find out your industry’s cyber exposure with the free cost calculator, click here.
About Safe Security
Safe Security is a leader in cybersecurity and digital business risk quantification management, with a mission to build a safer digital future. Safe’s cyber risk quantification and management (CRQM) platform enables organizations to measure and manage cyber risks in real-time. Its platform automatically collects signals from inside and outside a company’s environment to give the company-specific cyber risk rating, or SAFE Score, the financial impact of a potential breach, and an action plan. This enables organizations to have a common language across teams, from the board all the way down to an analyst, to align with a consistent risk metric along with justifying investments in cybersecurity and purchase of cyber insurance for the organization. For more information, visit https://www.safe.security/