Cybersecurity Predictions: A Better Approach to Risk Assessment
COMMENTARY
Many cybersecurity leaders start each new year by making predictions about the year to come. You may have seen a flood of them recently: "Cyberattacks will continue to be a problem." "This certain country will ban ransom payments." However, as a cybersecurity company founder and CEO, as well as a licensed insurance broker, I believe that instead of predictions, what we really need to protect ourselves is a better understanding of probability.
The Limitations of Predictions
Predictions do not provide a clear understanding of the actual risks involved. When we remove our FUD (fear, uncertainty, and doubt) glasses and look at the cold, hard data, the assumptions behind those predictions become glaringly incorrect. That’s why assessing risk with a probabilistic model can give us far better insight into not only what’s likely to happen, but what the actual impacts may be. And when we better understand potential impacts, we can conceptualize far more effective solutions.
Effective Solutions for a Safer Cyber Environment
Think of choosing comprehensive security tools that protect whatever a company identifies as its "crown jewels"; building a full team behind a company’s chief information security officer (CISO) and adding new cyber-savvy board members; and even investing in cyber insurance. By taking a probabilistic approach to risk assessment, we can make more informed decisions under pressure and uncertainty.
The Power of Probability
Furthermore, it’s probability — not predictions lacking hard data — that helps us quickly make important decisions under pressure and uncertainty. While probabilities may be based on subjective information, when used in an objective framework they provide an effective way to improve the value of the hard decisions we make. And when we feel more confident in these decisions, we get better solutions that can make us essentially invincible to whatever cybercriminals may throw our way this year.