Why Companies Will Keep Getting Breached In 2019 And Beyond

Last updated by UpGuard on September 4, 2019

scroll down

The answer is simple: because it's highly profitable. Credit card numbers are still the best we've got for transacting digitally and health records are 10 times more valuable on the black market. And despite efforts from the infosec community at large, cybercrime continues to increase in frequency and severity. The more important and difficult question is not why, but howthat is, how can companies not just survive, but thrive in a landscape of digital threats?

Unfortunately, this particular question is complicated as the answer may vary per organization and industry. Universally, however, it starts with embracing the concept of digital resilience. In a nutshell, digital resilienceas succinctly put by Gartner's Peter Firstbrook, is about "absorbing the punches and bouncing back from the big things while accepting certain risks for the achievement of success.” Given the impossibility of completely ridding an organization's entire web presence of cyber risk, or of external partners from third-party vendor risk, the best chance a firm has for survival in the brave new digital economy is assessing vendor risk ahead of time and taking measured risks in order to realize opportunities and competitive advantages. 

Digital Resilience Prerequisites

So what does it take for a firm to achieve digital resilience? Looking to other mature industries that deal in high risk can help shed some light on the matter. The rise of the automobile has no doubt propelled society forward, but at the cost of many lives; despite this, motorway accidents and fatalities are at most an afterthought of the daily commute. Consumers and businesses can enjoy the benefits of modern transportation through instruments that effectively manage riskthese are, of course, the various types of insurance coverage available (and are in most cases required by law). These products enable customers offset the high cost of automotive risk in exchange for premium payments.

Car crashed into tree

The occasional cost of living resiliently. Source: Thue / Wikimedia Commons.

This risk-based thinking is also a prerequisite for digital resilience, and indeedthe nascent but rising cyber insurance industry is a reflection of the ever-worsening cyber threat landscape. Unfortunately, up until now the metrics for quantifying and comprehending cyber risk were at best arbitrary and at worst, completely inaccurate. 

Learn more about CSTAR

Measuring Cyber Risk With UpGuard's CSR

We started out by asserting that the most important and difficult question for an organization is how to thrive in a landscape of digital threats. Since an approach's efficacy varies per organization and industry, prescriptive measures are marginally effective. In the same vein, every organization's IT infrastructure is different and belongs to a particular risk profile unto itself. Again, looking to the auto insurance industry for cues, a mix of data points regarding the driver and automobile in question (e.g., driving record, driver age, cost of vehicle, vehicle type/class, et al.) determine the cost of coverage. A company's cyber risk profile should therefore be unique to the organization, with cyber risk assessments taking into account data points regarding the internal state of its systems, in conjunction with externally-sourced data.

This is the essence of UpGuard's Cyber Security Rating (CSR): a composite score representing the collective vulnerability of every server, network device, and cloud service to the risk of breaches. CSR gives insurers the ability to provide optimally-priced insurance policies customized per organization based on an actual infrastructure's configuration state and testing habits. But there's a lot more to UpGuard than just assigning a numeric value to cyber risk. Our platform helps your organization become more digitally resilient through continuous integrity monitoring and validation, helping to prevent data breaches



Related posts

Learn more about the latest issues in cybersecurity