Policy Implications of Faulty Cyber Risk Models and How to Fix Them
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the critical impact of accurate cyber risk data on security policies in this 46-minute Black Hat conference talk. Delve into a data-driven analysis of historical cyber incidents, focusing on events affecting multiple organizations. Examine the frequency and economic costs of cyber events, challenging common assumptions about breach likelihood and losses. Investigate how misunderstandings of incident propagation across supply chains can hinder effective third-party risk management. Consider the potential for an inter-organizational approach to security policies and practices. Learn how studying past events can inform future risk appetite and cyber insurance decisions. Evaluate the consequences of poor risk data on regulatory and compliance requirements. Gain insights from speakers Wade Baker and David Severski on improving cyber risk models and their policy implications.
Syllabus
Introduction
About Cyentia
Myth
Cost
Cost Per Record
Cost Per Revenue
Frequency
Policy Implications
How do we replace cost per record
Losses are disproportionate
Ripples Across the Risk Surface
American Medical Collections Agency breach
How common are these types of incidents
The iceberg
The ripple effect
Multiparty losses
Hat Tip
How can we fix it
Collect better data
Conduct better research
Taught by
Black Hat