C2S engages with the leading figures in cyber security. Our cyber security policy echoes the best from the world leading academics in cyber risk insurance calculations, the UK’s National Cyber Security Centre and the world leading security solution providers like Sophos.
Redundancy – there’s no point “resting on your laurels” after the act. Crime and prevention have a long history. It is a cat and mouse game. While we create stronger and more resilient security technology, criminal and other “cyber actors” create cleverer ways of breaking in. Redundancy is the solution. We must anticipate the worst and be prepared for it.
We are pleased to be able to reproduce two pages from Solving Cyber Risk. If you want to know how money is spent on cyber security and how it should be spent (Yes – they’re different!) Please click here for the most informed data collated by leading insurance experts and the Cambridge University Centre for Risk Studies.
For readers who really need to understand cyber risk rather than outsourcing it to consultants like us we recommend starting with this book: Solving Cyber Risk. By Andrew Coburn, Éireann Leverett and Gordon Woo.
From Solving Cyber Risk. Andrew Coburn, Éireann Leverett, Gordon Woo. Page 269-270.
The Ponemon Institute published an anonymized survey of a sample of 1254 large organisations spread across a broad range of 15 industries1.
Information was gathered on corporate expenditure on cyber security technologies, as well as the costs of cyber-crime.
These are costs to detect, recover investigate and manage the incident response. Also covered were the costs that result in clean-up activities and efforts to reduce business disruption and the loss of customers. From this survey the following five technologies emerged as the most cost effective. In order of decreasing returns on investment they are listed as follows:
Apart from these five technologies, lesser returns on investment are obtained from
These rankings return on investment maybe compared with rankings by actual corporate expenditure.
The technology rankings by actual expenditure are:1
The results may be a surprise to many of those who make cyber security investment decisions. It turns out that there are significant differences in rankings. Most money was spent on advanced perimeter controls which are ranked fifth in terms of cost effectiveness. Most cost-effective were security intelligence systems, which are seventh in expenditure.
Reference: 1. Ponemon Institute. Cost of Cyber Crime Study: Insights on security investments that make a difference. Accenture report; 2017.