The IRIS 20/20 aims to clear the fog of FUD surrounding cyber risk and help managers see their way to better data-driven decisions. This first-of-its-kind study leverages a vast dataset from Advisen spanning tens of thousands of breaches over the last decade. Our extensive analysis of that dataset yields valuable insights about the frequency and financial impact of cyber incidents to organizations of all types and sizes.

The report delves into the realm of cyber risk management, emphasizing the importance of data-driven decision-making in the face of cyber threats. It highlights the inadequacies of traditional risk assessment methods which often rely on subjective judgments and qualitative ratings, proposing instead a more empirical approach based on extensive data analysis. The Cyentia Institute, in collaboration with Advisen, utilizes a comprehensive dataset covering 56,000 cyber events across 35,000 organizations over the past decade to derive insights into the frequency and financial impact of cyber incidents. This analysis not only provides a clearer picture of the cyber risk landscape but also challenges conventional wisdom, such as the flat cost-per-record method for estimating breach losses, which the report argues is significantly flawed.

The findings reveal that larger organizations, particularly those within the Fortune 1000, are more likely to experience cyber incidents, with a 25% annual likelihood of a breach. However, the impact of these breaches varies significantly across industries and organization sizes, with sectors like information services and financial firms facing higher rates of incidents and losses. The report also introduces probabilistic models for estimating potential losses based on the number of records breached, offering a more nuanced approach that accounts for the variability and unpredictability of cyber events. By providing a detailed analysis of breach probabilities and loss estimations, the report aims to equip cyber risk managers with the tools to better assess and mitigate risks, moving towards a more informed and quantitative approach to cyber security.

Key Findings

  • Over 60% of the Fortune 1000 experienced at least one cyber incident in the past decade.
  • Financial losses from cyber events average around $200K, but can exceed $20M in 10% of cases.
  • The cost of breaches is not linearly related to the number of records compromised.
  • Industries such as government, information services, and financial sectors have the highest breach rates.
  • Larger firms are significantly more likely to experience breaches than smaller firms.