The Headline: Hack cost £60m and loss of 100,000 customers (Guardian 2016)
No-one reports the number of servers lost. Or switches compromised. The currency of a cyber failure is simply cash. And a failure here could be a compromise, an exploited vulnerability or a simple failure.
FACT: the average cost of cyber failure for a business employing over 500 people has risen to £1.46m. Even small businesses are hit hard with costs ranging from £75k to £311k. The value of cyber crime has increased by 14% over the last year (Ponemon 2015 Cost of Cyber Crime Study: Global).
So what’s the minimum cyber-damage needed to hurt your business and empty the cash? What would a cyber-failure cost? A complex question. Maybe nothing. Maybe everything.
Cyber and the business impact
Evaluating the infrastructure in real-time is difficult enough. Understanding the cost to the business is nigh impossible without predictive analytics. Why? Business operations are complex. The interdependency of operations with the infrastructure will be even more so. It also depends on what the business is doing. Maybe pooled/parallel systems will only cope with a fraction of peak client demand. Maybe that’s acceptable. Is there a campaign running? Is it peak business time? Will suppliers withhold if they’re not paid? How many staff will walk if the payroll fails?
Software rots (“Great mysteries”)
The issue with cyber is that defences rot. No system became more secure over time. Without constant attention, at some unknown point the business value becomes vulnerable. But when is the business at risk? And how badly? Why, and what is needed to avoid damage to the business value? Again, without predictive analytics processing the threat information and vulnerabilities, the task is too complex. Actionable intelligence is needed in real-time.
Living in a world of constant potential compromise
With the constant evolution of threats and constant attempts (organised and opportunistic) to compromise your business, intelligence-based analytics are needed.
You need to know the moment cyber infrastructure puts the business at risk. Just as important, you need to know when the business is potentially at risk! Is data vulnerable? Can a denial-of-service cause a loss of business (and value) or a loss of data?
The tale of two switches
To illustrate with a simple case: 2 switches, side by side in a rack. There is a minor difference in firmware version between the two. Does it matter? Is either vulnerable or routing sensitive data? How sensitive? Don’t assume that it’s the older version that is risking profits either! This isn’t an IT issue. This is a business issue. What needs to be done to protect the business?
It’s all about business value
So is it time to focus cyber activities on protecting the business value? Modern predictive analytics can now provide actionable intelligence aimed at protecting the business. ‘What-is’ and ‘what could be’ predictive analytics allow decision-makers to avoid a loss of business value – before it happens.
No-one lost their job due to a loss of cyber. Or data. They got the sack because of the cost to the business. And these costs are rising year on year.