The 2024 Cybersecurity Risk Report Provides CISOs Insights into the Likelihood and Financial Impact of Top Cyber Risks.
By Luke Bader, Director, Membership and Programs, FAIR Institute
The FAIR Institute, the leader in education for cyber risk quantification (CRQ) based on FAIR™ (Factor Analysis of Information Risk), has released its 2024 Cybersecurity Risk Report. This document provides CISOs, CFOs and other business decision-makers the clearest visibility into the financial impact of cyber risks, based on quantitative analysis of actual cyber incidents through 2023.
This Report is sponsored by EY and Safe Security which provided research on cybersecurity program development and data-science support.
“The FAIR Institute 2024 Cybersecurity Risk Report leverages our most extensive data set ever and applies advanced techniques in quantitative analysis to reveal the underlying risk factors that organizations need to understand to mount their most cost-effective defenses against data breach and other loss events,” said Nick Sanna, President of the FAIR Institute.
“The insights within demonstrate the value of CRQ to empower organizations to manage their cyber loss exposure in the financial terms that boards and senior management understand. It’s especially timely considering the rules on disclosure of material cyber risk adopted by the Securities and Exchange Commission (SEC) in 2023, a powerful signal to public companies to improve their cyber risk reporting practices, and move to a data-driven, risk-based approach based on a transparent, defensible model such as FAIR,” adds Sanna.
Key Findings
The Report is augmented by material from the EY 2023 Global Cybersecurity Leadership Insights Study, based on interviews with 500 C-suite and cybersecurity leaders, that reveals valuable insights into the traits of “Secure Creators” who successfully implement cybersecurity programs.
- The two top industries by average loss exposure are Public Administration and Healthcare, driven by a relatively high probability of loss event.
- Systems Intrusion and Insider Error are the top 2 risk themes for small businesses, while Basic Web Application Attacks and Social Engineering top the list for large enterprises.
- Bigness raises risk. A large organization – measured in revenue and employee count – has a higher likelihood and severity of cyber loss events compared to a mid-market firm. For example, a large healthcare company has a better than 50% chance of a serious insider-error event in a year versus 26% for a mid-size company in the same sector.
- Businesses could reduce loss exposure to data breaches by as much as 80% by basic improvements in security posture (such as patching or securing endpoints) and reduction of data retention.
In response to the new rules from the SEC on material cyber risk, the FAIR Institute Cybersecurity Risk Report also introduces the FAIR Materiality Assessment Model (FAIR-MAM™), the only standard taxonomy to comprehensively define what forms of losses contribute to the measure of materiality in financial terms.
For a complimentary copy of the Report, please click on the link.
About the FAIR Institute
The FAIR Institute is a research-driven not-for-profit organization dedicated to advancing the discipline of cyber and operational risk management through education, standards, and collaboration. The driver behind our mission is the breakthrough achieved by FAIR™, the risk taxonomy and quantification standard, key to effective risk management.
Its members – forward-thinking risk officers, cybersecurity leaders and business executives – now exceed 15,000 in over 100 countries, with representation of 50% of Fortune 1000. The FAIR Institute has been recognized by SC Media as one of the three most influential industry organizations of the last 30 years.
To learn more and get involved, visit www.fairinstitute.org.
About the Author
Luke Bader is the Director of Membership and Programs at the FAIR Institute. He has worked to grow and support an international membership of over 15,000 at the Institute. He focuses on the member experience including education, events, and networking opportunities.
Luke lives in Washington DC with his dog, Rip, and holds both a Master of Science in Business and a bachelor’s degree from The Catholic University of America.
Luke can be reached online at [email protected]. Twitter: @FAIRInstitute, LinkedIn: FAIR Institute: https://www.linkedin.com/company/fair-institute, LinkedIn: https://www.linkedin.com/in/lukebader/, and at our company website www.fairinstitute.org
;
We are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.