There is a lot of ambiguity when it comes to assessing cybersecurity risk, starting from the probability of a breach, and ending with the estimation of the impact. It’s helpful to break down these items and then work to quantify the ranges for each of them with data specific to your business.
When assessing cybersecurity risk, we follow a proven methodology that starts with estimating the likelihood that an organization will experience a breach or a successful attack. A successful breach requires an existing vulnerability that a threat (or bad actor) can find and exploit.
However, it is also important to estimate the value of the underlying asset that is being protected. What is the cost of that asset being compromised? And accordingly, is the value of the additional investments required in cyber defenses justified?
Below are some basic concepts that are covered during a cybersecurity risk assessment: