Cyber Intelligence-Driven Risk

Organizations continue to lament outsized losses from cyber threats, despite leaps-and-bounds advances in cybersecurity and cyber intelligence operations. Additional security expenditure rarely makes a significant dent in these losses. The problem is a significant disconnect between information security and business decision making. Our information security programs provide us with detailed data, predictions, and incident response programs, but we have failed to build the capacity to translate this knowledge into meaning that we can apply to assess the business risk of various courses of action. Faced with the knowledge that a malicious entity plans to attack an organization at a particular time, many decision makers would opt to stop the attack. But what if the attack will be short-lived, ultimately costing the business less than it would cost to prevent the attack? How many cybersecurity reports are accounting for the opportunity cost of lost customers? What's the true business impact of the mitigation effort if similar attacks continue to happen in the future? Cyber Intelligence-Driven Risk details how to build such complex questions of cost-benefit and risk analysis into cyber risk analysis programs, so any leader can make informed cybersecurity decisions. As the digital world becomes more complex and more essential to business, it is imperative that C-suite executives and risk managers operate from a nuanced understanding of all avenues available. Today's organizations need personnel who can synthesize information in a way that enables correct action from a business risk perspective. This book is a unique manual for developing this imperative capacity.