'The Risk Call' Monthly Webinar Register     'CYBERWatch' Monthly Newsletter  Register



Cybersecurity Optimization


Website four-square


Cybersecurity Optimization is all about eradicating risk. While there are many sophisticated and compelling technology solutions available to address cybersecurity vulnerabilities, targeting these at the most impactful origins of risk is essential. Every risk has a cost, or it’s simply not a risk. And every risk has an ongoing cost whether the risk ultimately occurs. The entire insurance industry thrives on taking the ongoing cost of these risks off our hands - for the price of a monthly premium, which itself has a cost

Meanwhile, business evaluates effective strategies in areas as diverse as Finance, Operations, Marketing, R&D and elsewhere, in terms of their financial results. Evaluating and guiding the strategies driving cybersecurity brings security efforts into further alignment with the rest of the business. Using the Risk Profile, decisions can now be made based on financially-driven priorities that drive efforts more strongly to the fundamental mission of cybersecurity - the reduction of risk.

It’s all a matter of degree - if we can eradicate risks that have a high exposure to loss, we gain more. If instead more cyber efforts are focused on risks driving more minor slices of cost, we may not be matching the degree of effort to the degree of gain. Using the Risk Profile to first identify, then attack, the greatest sources of risk, allows the organization to gain greater and greater degrees of risk reduction - and therefore cost recovery - in the near term and the long term.

A risk is possible when a threat meets up with a relevant vulnerability. The Thrivaca Risk Profile tracks over 14,000 threat-vulnerability pairs, and allows attention to be directed at the root causes, beyond treating merely the surface symptoms. While this journey is different in every organization and every industry, there are always several key steps to get serious about activating a data-directed and financially-informed cybersecurity program:

1.) Within the first week after implementation, the Risk Profile will identify the dynamics of the costs associated with both finite and broader risks

2.) In the first 90-120 days, the Risk Profile is used to target the top areas where risk can be reduced, within parameters of risk tolerance, budget, and other considerations. These inputs are used to provide a data-driven, shared view across the management team

3.) Within the first year, an annualized risk reduction program can be put firmly in place, with coordination across risk management, legal, finance, internal audit, compliance, and other key stakeholders

4.) By the second year after implementation, a sustainable program of ongoing risk reduction can emerge and become part of corporate culture. With recurring metrics and senior management support, cybersecurity effectiveness can be advanced by six-sigma level methods, continually recalibrating cybersecurity initiatives to the greatest gains and keeping protections current and relevant

Website optimization steps