Recently, the Wall Street Journal (WSJ.com) published two charts from Juniper Research that paint a disheartening picture of the state of cybersecurity. One chart shows a projection of cybersecurity spending increasing (more or less linearly) over the coming five years, while the other chart projects a more exponential-looking growth in cybersecurity losses over that same timespan.
I suppose some would infer from this that cybersecurity spending should increase exponentially too; however, I disagree. I believe the solution is to spend smarter, not more. For some organizations, perhaps the answer is both smarter and more. Smarter, regardless.
So, what does it mean to be smarter with regard to cybersecurity? In a nutshell, it means that we have to apply economic principles and methods to our cyber-related decisions. This will enable organizations to prioritize more effectively and understand the cost-benefit proposition of the investments they make in cybersecurity.
In a newly released eBook entitled An Executive’s Guide to Cyber Risk Economics, I discuss the challenges associated with current practices, as well as the changes that need to occur in order to improve decision-making. The eBook is made available by RiskLens, the technical adviser to the FAIR Institute.
The bottom line is that organizations invariably have limited resources to apply to the cybersecurity problem, which means they have to spend wisely. The eBook is intended to help executives understand why their organizations have been struggling with this, and what to do about it.
Charts from The Evolution of a Cybersecurity Firm, the Wall Street Journal, May 16, 2017