Video: FAIR Inst. Pres. Nick Sanna Tells Middle East Summit How Business and Government Can Win the Battle for Cyberspace with Risk-Based Cybersecurity
The FAIR Institute’s first Middle East and Africa Summit, recently held in Amman, Jordan, opened with Institute President Nicola (Nick) Sanna’s keynote on “How Risk Economics Can Help Us Win the Battle of Cyberspace.”
“You probably don’t hear about cybersecurity and economics in the same sentence,” Nick said, but “security failure is caused at least as often by bad economic incentives as by bad technological design.”
Watch the video of Nick’s keynote.
A FAIR Institute Contributing Membership is required to view.
In the current threat landscape, “the chance of getting caught is very low, the chance of profits very high. To deal with that, we have to rethink our approach to cybersecurity,” starting with a foundation of quantifying cyber risk in financial terms.
For too long, the cybersecurity community has tried to communicate with business and government in technical terms, even though those audiences primarily understand profit and loss or national security and economic development. “It’s our job to learn their language and explain how cybersecurity can influence their policies and improve and support them.”
Nick praised the National Cybersecurity Center of Jordan, host of the FAIR Institute Middle East and Africa Summit, for promoting a “risk-based approach to cybersecurity that’s at the forefront of best practices. This is not yet a reality even in the United States. The fact that we have authorities in the Middle East already on that journey is very impressive.”
He contrasted the risk-based approach, which assesses risks in financial, not just technical, terms, with the compliance approach of checking off controls or processes from a list of best practices. “Those checklists don’t help with prioritization and can become busywork.”
Nick made a strong pitch for national governments to support infosecurity academies, much like military academies, to educate a new generation of cybersecurity practitioners both to alleviate the critical shortage of professionals and to train in quantitative cyber risk analytics.
And he pointed out some encouraging trends:
- The National Association of Corporate Directors (NACD) Directors Handbook on Cyber-Risk Oversight released this year makes the case for the risk-based, quantitative approach (Nick was a contributor) and is the #1 publication that board members read on cybersecurity, according to a survey by PwC.
- Burgeoning growth in the FAIR Institute, now up to 14,000 members, and in FAIR training with 10,000 graduates.
Coming June 2023 to London: Attend the FAIR Institute Europe Summit.