ABSTRACT
Cybercriminals attack your digital assets. Today 85% of your business is a digital asset. In 2001, 10% of your business was a digital asset. This explosion in digitalization is aligned to the explosion in cybercrime. Many companies have thousands of digital assets. Some are more valuable than others. Understanding which assets have the most financial exposure and why is critical to managing cybersecurity risk.
Cybersecurity exposure quantification provides an understanding of the potential financial loss and allows the firm to prioritize cyber risk remediation efforts in a logical and effective manner. Furthermore, it sets the stage for holistic cyber risk management allowing the integration of the data across the privacy, risk, security, governance, and compliance domains. These functions are interrelated or “interbeing.”
Interbeing is a concept coined by Vietnamese Buddhist Monk and scholar Thich Nhat Hanh. Hanh was nominated for the noble peace prize by Martin Luther King Jr. Hanh defines interbeing as the means to interdependently co-exist. The meaning recognizes the dependence of any one person or thing to all other people and objects while maintaining separate identifies. In cybersecurity it is the dependence of one digital asset to other digital assets while maintaining separate identifies. Privacy, compliance, and risk are all interdependent on cybersecurity.
Hanh states, “Not only is no man an island, but rather his interbeing is shared with the plants and animals he eats, the people who make his clothes and food, the people who populate his home, country and the very world he perceives, the insects that pollinate the trees that yield his fruit, shade him from the sun, and provide lumber for his house.” 1
Not only is no company or business function an island, but rather its interbeing is shared with the digital assets and vendors that supply its raw materials, systems that process them into products and services and customers that they sell them to, countries that protect their critical infrastructure, and regulate data security. This chapter focuses on using the digital asset approach to quantify cyber exposures. This approach is 100% directly aligned with how a cyber insurance company would pay a claim for a cyber event.
