As issues related to cybersecurity evolve, the potential financial impact of ransomware attacks has come to the forefront of every conversation. Organizations are particularly concerned about this risk, especially since significant resources are already committed to bolstering defenses. Despite these investments, the risk can’t entirely be eliminated.
Jerry Caponera, the General Manager of Risk Products at ThreatConnect, and Yousef Ghazi-Tabatabai, Director, Risk at PwC, step right into this conversation to answer the crucial question: How do you find the right balance for these infrequent but high-stakes incidents?
Yousef highlights that it is possible to spend endlessly on mitigating risk, yet no targeted security measure ensures absolute safety. What’s key in such scenarios is to discern the return on these security investments not in terms of profits but in terms of risk reduction, and this requires thorough analysis and quantification. Expressing risk in dollar terms gives organizations a financial language for communicating it and helps them evaluate expenditure against risk reduction.
Further in the conversation, Jerry mentions that ransomware attacks are increasing in both frequency and severity, and that the regulatory landscape is changing rapidly. Governments worldwide are starting to take action. With instances like the EU’s GDPR and multiple US states proposing their own regulations, it is evident that cybersecurity issues are inching towards more regulatory scrutiny.
There isn’t a roadmap to predict what regulations might come up amidst the evolving threat landscape. However, the trajectory points towards one direction – increased regulatory oversight. This might seem daunting to organizations, but armed with adequate knowledge and analytical insight into risk quantification, they can ensure better safety, actively address vulnerabilities, and stay ahead in a space where the winds of change are blowing towards more regulation.