Why Companies Will Keep Getting Breached In 2016 And Beyond

September 6, 2016

Estimated Time to Read:4 minute read

Why Companies Will Keep Getting Breached in 2016 and BeyondThe answer is simple: because it's highly profitable. Credit card numbers are still the best we've got for transacting digitally and health records are 10 times more valuable on the black market. And despite efforts from the infosec community at large, cybercrime continues to increase in frequency and severity. The more important and difficult question is not why, but howthat is, how can companies not just survive, but thrive in a landscape of digital threats?

Unfortunately, this particular question is complicated as the answer may vary per organization and industry. Universally, however, it starts with embracing the concept of digital resilience. In a nutshell, digital resilienceas succinctly put by Gartner's Peter Firstbrook, is about "absorbing the punches and bouncing back from the big things while accepting certain risks for the achievement of success.” Given the impossibility of completely ridding an organization of cyber risk, the best chance a firm has for survival in the brave new digital economy is taking measured risks in order to realize opportunities and competitive advantages. 

What is the Website Risk Grader?

Digital Resilience Prerequisites

So what does it take for a firm to achieve digital resilience? Looking to other mature industries that deal in high risk can help shed some light on the matter. The rise of the automobile has no doubt propelled society forward, but at the cost of many lives; despite this, motorway accidents and fatalities are at most an afterthought of the daily commute. Consumers and businesses can enjoy the benefits of modern transportation through instruments that effectively manage riskthese are, of course, the various types of insurance coverage available (and are in most cases required by law). These products enable customers offset the high cost of automotive risk in exchange for premium payments.

The occasional cost of driving without insurance

The occasional cost of living resiliently. Source: Thue / Wikimedia Commons.

This risk-based thinking is also a prerequisite for digital resilience, and indeedthe nascent but rising cyber insurance industry is a reflection of the ever-worsening cyber threat landscape. Unfortunately, up until now the metrics for quantifying and comprehending cyber risk were at best arbitrary and at worst, completely inaccurate. 

Learn more about CSTAR

Measuring Cyber Risk With UpGuard's CSTAR

We started out by asserting that the most important and difficult question for an organization is how to thrive in a landscape of digital threats. Since an approach's efficacy varies per organization and industry, prescriptive measures are marginally effective. In the same vein, every organization's IT infrastructure is different and belongs to a particular risk profile unto itself. Again, looking to the auto insurance industry for cues, a mix of data points regarding the driver and automobile in question (e.g., driving record, driver age, cost of vehicle, vehicle type/class, et al.) determine the cost of coverage. A company's cyber risk profile should therefore be unique to the organization, taking into account data points regarding the internal state of its systems, in conjunction with externally-sourced data.

This is the essence of UpGuard's Cyber Security Threat Assessment Report (CSTAR): a composite score representing the collective vulnerability of every server, network device, and cloud service to the risk of breaches. CSTAR gives insurers the ability to provide optimally-priced insurance policies customized per organization based on an actual infrastructure's configuration state and testing habits. But there's a lot more to UpGuard than just assigning a numeric value to cyber risk. Our platform helps your organization become more digitially resilient through continuous integrity monitoring and validation, providing the mechanisms to improve CSTAR scores as a measure of digitial resilience. 

Get started with UpGuard today.

See What UpGuard Can Do For You

More Blogs

How CSTAR Works

All the information needed to perform a CSTAR assessment is bundled into the UpGuard platform. Learn more about CSTAR.
Read Blog >

What's In the Website Risk Grader?

The UpGuard Website Risk Grader provides a low friction way to get an initial assessment of a business' risk profile.
Read Blog >

Understanding Risk in the 21st Century

And as we enter 2016, the risk of data breaches in particular threatens to hamper business innovation.
Read Blog >




Share this post: