Industry-first quantitative cyber risk impact report gives business leaders real data and actionable insights based on actual customer incidents and financial exposure

2023 RiskLens Annual Cybersecurity Risk Report finds web application attacks, insider errors are top risks; public administration, healthcare are most impacted by loss exposure


RESTON, Va. and SPOKANE, Wash., Feb. 15, 2023 (GLOBE NEWSWIRE) -- As the financial impact of cybersecurity breaches continues to grow, organizations are increasingly moving to more reliable, quantifiable methods to assess their risk factors and how to best protect themselves from business losses. The 2023 RiskLens Annual Cybersecurity Risk Report is the first of its kind that provides visibility into the actual impact of top cyber risks, based on real-life incidents experienced by companies in the past year, rather than relying on more subjective surveys.

"This first Annual Cybersecurity Risk Report provides the industry with much needed visibility into the business impact of the most common cybersecurity events across many industry verticals,” said Nick Sanna, CEO, RiskLens.

“Cyber risk quantification (CRQ) enables organizations to finally understand and manage their cyber loss exposure in financial terms that business leaders and corporate boards understand. These findings are consistent with what we've heard and seen from customers for years. We have long believed that clarity comes through cyber risk quantification (CRQ) in terms of dollars and cents, not guesswork or improbable scenarios. Now we have data that goes into more depth than ever before which confirms this.”

Key Findings

This report was designed to provide reference estimates for the probability, loss, and loss exposure of common cyber events. It summarizes the findings by industry and event themes, and details how actionable variables, such as security stance and data retention management, can reduce risk exposure.

  • No industry is immune, with public administration and healthcare heading the list of industries with the most total risk exposure.
  • The top two risk themes by overall exposure are web application attacks, with the highest overall loss exposure, and insider errors, which were more likely but less costly. The most expensive theme by loss is system intrusion.
  • Businesses can improve their security posture by reducing data records at risk and lowering their event exposure by up to 88 percent. The report further demonstrates how organizations can lower losses by 60 percent and event probability by 67 percent.

"With the average cost of a data breach increasing 13 percent in the last two years to more than $4.35M, according to the 2022 IBM Cost of a Data Breach Report, quantifying security risk financially is the best way to prioritize initiatives and gain executive buy-in," writes Julian Meyrick, managing partner and vice president, security strategy risk and compliance, security services at IBM (a RiskLens partner) in his contributed article, “Using Risk Quantification to Empower Decision Makers and Reduce Cyber Risk Across Highly Targeted Industries.”

Methodology

Report findings were uncovered by RiskLens using its RiskLens My Cyber Risk Benchmark tool. Real security scans, real events, and real losses drawn from trusted industry sources provided the anonymous inputs for hundreds of thousands of risk scenarios leveraging the FAIR™ (Factor Analysis of Information Risk) cybersecurity and operational risk standard.

For a complimentary copy of the report, please click on the link.

About RiskLens

RiskLens helps organizations make better cybersecurity and technology investment decisions with software solutions that quantify cyber risk in financial terms. We are the creators of Factor Analysis of Information Risk (FAIR™), the international standard for cyber risk quantification, and the Technical Advisor to the FAIR Institute. The RiskLens platform is the only enterprise-scale software-as-a-service (SaaS) application for FAIR analysis. The RiskLens FAIR Enterprise Model (RFEM) creates flexibility to adopt FAIR and build programs, supporting companies at various maturity levels and with different business needs. With capabilities across the risk management process, and a large client base of Fortune 500 businesses, RiskLens is the only company with the expertise to help organizations navigate their most complex and challenging cybersecurity decisions. Visit us at www.risklens.com, and find us on LinkedIn and Twitter.  

Media Contact:

Cathy Morley Foster
Eskenzi PR
cathy@eskenzipr.com 
(925) 708-7893 (cell)