Moneyballing Cyber Resilience
Cyber resilience requires establishing strategic objectives across all stakeholders.
At Resilience, we believe organizations need a new way to assess, measure, and manage their cyber risk. Our approach enables finance, risk transfer, and security leaders to align and prioritize informed decision-making for investments around security controls and risk transfer. We call this alignment of objectives Cyber Resilience.
According to an informal and unscientific poll we took, the most hated security question is, “Are we secure?” Only slightly better is, “Are we secure against known threats?”, but it is rarely asked that second way. Both are dreaded – particularly in the boardroom.
Resilience experts introduce the idea of using influence diagrams to visually capture the essence of security events for deeper conceptual understanding. Influence diagrams are a powerful way to represent the qualitative essence of the structural relationship between events and outcomes, whether those events are decisions we make or events outside our control (uncertainties).
A defensible security budget is a set of allocated costs that serve the strategic objectives of the organization based on a choice of controls that maximize capital efficiency in an uncertain world. Allocated costs support actions intended (but not guaranteed) to carry us to a goal. Strategic objectives relate to why an organization exists at all, and capital efficiency relates to the wise and productive use of cash in a risky world.
To be successful in this digital economy, a company must now be Cyber Resilient and integrate its risk mitigation, risk acceptance, and risk transfer so it can take a hit without impacting its ability to deliver value.