Managing Director & Founder of AllegisCyber Capital.
Cyber risk is now recognized at the board level. The result is organizations are increasing their cyber budgets to keep up with the evolving threat landscape, with unprecedented visibility from the board and C-suite.
Gartner projects that worldwide end-user spending on security and risk management will total $215 billion this year, which would be a 14.3% increase from last year.
However, even with this additional layer of executive oversight, decision making around cybersecurity, efficacy measurement and regulatory oversight is still woefully inadequate, largely driven by invalid data, self-attestation and anecdotal evidence. In 2023, cyberattacks grew at an alarming rate. There were 3,205 publicly reported data breaches in the U.S., a 78% increase over the year before.
The way many cybersecurity decisions happen today is analogous to going to see a doctor, explaining your symptoms and them making a diagnosis and prescribing a treatment based on what you told them without running any labs or tests to verify. In the medical field, that’s called malpractice. In cyber, it’s too often the best we can do.
The challenge isn’t that the data doesn’t exist. Conversely, data has quickly become the crown jewel for most organizations, and the cyber data that surrounds it is invaluable. The challenge lies in cataloging, collecting, organizing and analyzing the supporting cyber data in a way that enables leaders to make informed decisions based on ground truth, in real time.
Moving From Moment-In-Time To Movement-Over-Time Data
Cybersecurity as an industry has a data-maturity problem and an even larger observability issue. We use anecdotal breach and vulnerability data when considering security tools and controls to invest in. Flawed or incomplete data is often found in shared threat intelligence that we expend unnecessary resources on.
In addition, we rely on information from self-attested, point-in-time questionnaires to make decisions on critical resilience program components such as cyber insurance and third-party risk management.
This is by no means due to negligence on behalf of the cyber community. It’s part of the growing pains of a rapidly maturing industry. Operational observability, being able to see and fully understand data in real time, is a critical need that is being slowly addressed. The transition is like the medical profession’s transition from empirical observation and philosophical theories to data-driven diagnosis; it didn’t occur overnight but was a gradual process that spanned centuries.
We often have to remind ourselves that cyber is barely 50 years old. Current cyber risk assessment practices are limited by:
• Lack of real-time data. Many cyber risk assessment tools rely on historical data, which may not reflect the current threat landscape.
• Lack of integration. Data from different sources is often not integrated, making it difficult to get a comprehensive view of an organization’s cybersecurity posture.
• Self-attestation based on anecdotal data. Organizations often rely on self-reported information from employees or third parties to assess their cyber risks, which can lead to inaccurate or incomplete data.
• Data overload. Organizations may have access to large amounts of data about their cybersecurity posture, but it can be difficult to identify the most relevant and useful information.
Cyber risk assessment needs to shift toward automated, real-time, data-driven decision making for the industry to reach maturity. Achieving this requires recognizing that:
1. The integration of cybersecurity tools is vital for comprehensive cyber risk assessment. Each tool provides a fragmented view of an organization’s cyber posture.
Integrating these tools allows for the consolidation of data into a single source of truth. A true holistic view would enable chief information security officers to understand their organization’s overall cyber posture, identify gaps and overlaps, and make data-driven decisions to strengthen their cybersecurity defenses.
2. Cyber threats are continuously evolving so real-time data reporting is essential for effective cyber risk management. The static risk assessments as done today provide limited value.
Cyber risk evolves in real time. That means cyber exposure and cyber posture change on a moment-to-moment basis. A snapshot of cyber risk today does not reflect the cyber risk of tomorrow. CISOs need access to comprehensive, real-time data to identify and address the vulnerabilities that matter and mitigate the impact of potential cyberattacks.
The Culmination: An Integrated, Data-Driven Approach To Cybersecurity Decision Making
Real-time data reporting across integrated cybersecurity tools enables data-driven cybersecurity decision making in finance.
Trust is the cornerstone of any financial institution. Financial services rely on complex, interconnected IT systems and operate in a heavily regulated landscape where seconds can equate to millions of dollars lost or gained. An organization’s cyber posture then is the linchpin in preserving financial stability and consumer confidence.
Data-driven decision making thus emerges as critical for financial institutions. From managing cyber risk to demonstrating compliance to negotiating favorable insurance terms, billions in value await to be unlocked by harnessing real-time cyber data across the technological spectrum of the finance industry.
In a competitive market, the ability to swiftly manage and mitigate cyber risks can be a differentiator for financial institutions. Real-time cyber data supports proactive security measures and innovative services, and ensures a seamless customer experience, all of which can contribute to a competitive advantage.
The dynamic nature of cyber threats means that an organization’s cyber risk posture can change in milliseconds. Being secure last month, last week, yesterday or an hour ago can be irrelevant when a new cyberattack hits. The threats are “real time,” and the understanding of our cyber posture needs to be the same.
The high stakes involved in financial transactions make utilizing real-time data essential. By harnessing real-time cyber data, financial institutions can adeptly detect, assess and respond to cyber threats instantaneously, minimizing potential financial losses and bolstering consumer trust. The transition toward this holistic, vigilant cybersecurity stance encapsulates a strategic evolution—a leap from reactive postures to a proactive, informed readiness, anchoring the financial sector’s resilience in the digital age.
The importance of real-time cyber data in financial services cannot be overstated. It’s not just about mitigating risks but also about enabling secure, compliant and uninterrupted operations that protect both the welfare of customers and the institution’s bottom line.
Forbes Finance Council is an invitation-only organization for executives in successful accounting, financial planning and wealth management firms. Do I qualify?
