Snow, cybersecurity and the risk profile

One term that is widely thrown around in cybersecurity, without always being well understood, is risk.

Grégorio Matias

Risk and cybersecurity

Strictly speaking, risk is defined as the probability that a vulnerability (something that has a negative impact on you) will be exploited, multiplied by the impact (what it will ultimately cost you if this vulnerability is actually exploited).

Let's leave this rather theoretical definition behind and look at "how" organisations should approach this term. Saying that a risk is high doesn’t actually mean anything. I often hear people say: "... as the risk is very high, you really should do something ... ". (e.g. install new tools, etc.).

Most of these recommendations come from unscrupulous salespeople who themselves have no concept of "risk" or, worse still, who ask their customers to do something that they themselves would not do.

Risk perception: it means different things to different people.

During this holiday season, some like nothing better than heading off to the mountains to try out the fresh powder snow (provided the resort is up high enough). What's the first thing you notice on a snow-covered slope? Risk-takers: those who feel invincible and veer off-piste (well away from the ski runs). You could call them "extreme" risk-takers. On the other hand, you have the more reasonable people, who stay on the marked runs.

Why this comparison? Because it shows that human beings have different attitudes to risk. Some people are prepared to take risks, regardless of their magnitude, while others are not: this is known as a the "risk aversion/appetite" profile.

How do you assess the cybersecurity risk to your organisation?

To come back to cybersecurity, you shouldn't "do something" when the risk is high, but when you consider that you’re not ready to accept the risk... That's quite a difference!

There's one last point, but not the least: do organisations, or the people who run them, have a good perception of cyber risk?

A bit like skiers who go off-piste thinking they are invincible, some find it hard to assess the extent of the risk facing their business. This takes us to the second challenge in relation to the term “risk”: how do you assess it at its true level? To help these organisations, a security assessment or a cyber risk audit are good starting points... but they call for a rigorous approach combining know-how and expertise.

In conclusion, if you really want to manage cyber risk in an organisation, it is essential that you start off by first determining the "risk profile" and carrying out a "cyber risk assessment".

Snow, cybersecurity and the risk profile
...

Tell us about your cybersecurity needs

Thank you for your message, we’ll contact you very soon! Fill all fields Error when creating request. Please try again
6Lcp1CAbAAAAAM-4iEYkG33vfIaUYODi6YEXTTqi