Estimating probability of a cyber-security breach





Cyber risk management has been integrated into companies' day-to-day operations. However, evolving threats and fragmented data on cyber risk make it a challenge for companies to understand and quantify a cybersecurity breach. In this issue, we are pleased to share with readers a research paper from Professor Shemyakin and his team at the University of St. Thomas on Estimating Probability of a Cybersecurity Breach. The article discusses how to estimate the probability of a breach for a specific database application. In a simple example, the probability of a breach for a database with 100,000 records can be estimated from the probability of a database breach and a BF factor. The BF factor is derived from a predictive model, as discussed below. This estimate would give decision-makers information about the probability of a breach for a specific application, so that they can identify the most vulnerable applications and assign "risk ratings" to applications.

Risk Management Newsletter

Anthony, M., Ishmael, M., Santa, E., Shemyakin, A., Stanull, G. & Vandeweghe, N. (2019, May). Estimating probability of a cybersecurity breach. Risk Management Newsletter. https://doi.org/10.13140/RG.2.2.11465.39520.