Fri. Mar 1st, 2024

Many business processes are calculated using fairly simple mathematical models. Unfortunately, this has little application to cybersecurity. At the beginning of the restrictive measures as part of the pandemic, the following happened: Many companies, urgently switching from development mode to savings mode, announced to the divisions a proportional reduction of all costs by 15% and, in response , asked the service divisions to report what exactly would change from this. All units except one quickly coped with the task. They reported which services would fall in quality and which would not be available at all. The divisions considered several options and chose the most benign for the business: For most divisions, constantly evaluating how much this or that service costs us is almost a daily routine. And only one unit responded: “Nothing is going to change.” It was a cybersecurity service. Why did that happen? It is clear that if, for example, the fleet of vehicles is reduced in financing, which means less people and fuel, worse quality of spare parts, etc., then it is quite easy to calculate how the traffic interval will change, how much the queue of requests and the average execution time. That is, many business processes are calculated using fairly simple mathematical models. Unfortunately, this has little application to cybersecurity. Cybersecurity is like a link: the better it is, the more discreet it is. If most business processes are measured by events that have occurred, then the result of cyber defenders’ activities is not events that have occurred, but events that have not. It’s also impossible to dismiss the fact that cybersecurity professionals are specific people who chose this profession for a reason. Very often, cuts in cybersecurity funding do not cause visible changes for some time.

risk models

Of course, for math lovers, there are beautiful risk models and you can calculate, display and justify anything. But business is about taking risks, and cybersecurity risks always pale in comparison to geopolitical or other common risks. If the risk is not one hundred percent, in the eyes of the company it immediately becomes fifty percent. Even when risk models are a routine part of business (banking, insurance), the main business tool to deal with them is the provision of funds to compensate for damages and not actions to reduce them.

Economic transparency of cybersecurity

What about the less mature industries in terms of risk assessment?

Using economic terminology, we can say that the quality of cybersecurity is not elastic in terms of resources, that is, a change in resources does not lead to a proportional change in quality. This is also true regarding the increase in resources: increase the cybersecurity budget several times and the company will not notice anything special, as well as no unacceptable events will occur.

Role in digital transformation

But the further, the more cybersecurity becomes an element of digital transformation. Partly due to the fact that the functionality and performance of the digital systems that make up businesses must be concentrated in one hand. And partly due to the fact that being outside of digitization, without understanding the business context of digital systems, it is impossible to protect them effectively. Also due to constant changes in business functionality, digital platforms and the infrastructure on which they are implemented: rapid changes in the object of protection require rapid adaptation.

By deepak yadav

Dk is a writer who specializes in news articles. he has been writing on for over one years, and during that time she has written over 100 articles on various topics ranging from politics to entertainment. Her goal as an author is to provide readers with the latest news stories while also providing her own opinion on them.