Our Co-founder and Executive Chairman Michael Chertoff authored a recent piece for the Harvard Business Review on the continuing and growing risk of cyber intrusions and how organizations can mitigate those risks. It is becoming practically impossible to ensure that everything is properly patched. And the consequences are growing increasingly severe.
To manage cyber risk in this context, we need to fundamentally change the way we measure performance.
- First, at the front-end, we need to bring greater visibility to organizations inherent risk levels essentially, What are we being asked to defend?
- Second, we need much greater transparency, accuracy, and precision around how we perform against likely threats and whether we do so consistently across the attack surface.
- Third, we need to plan for, and measure performance against, tail risk scenarios low probability high consequence events.
We can turn risk into opportunity: if we can coalesce around mechanisms to measure cybersecurity performance with transparency, accuracy, and precision, we could work with allied nations to codify and implement them. They could then be reflected as baseline requirements in technology procurements abroad, creating larger opportunities for differentiation. There is no such thing as risk elimination, but through better measurement and incentivization, we can not only manage these technology risks, but turn them into opportunities for a more resilient economy.
Read the full article in Harvard Business Review.