It can be challenging for business leaders to objectively evaluate the true risk of cybercrime as it pertains to their business, much less create an appropriate plan to mitigate this risk.
The problem is not availability of information. The problem is that there is too much information, most of which comes from either cybersecurity businesses themselves, academics who are more interested in public policy than in your business’ survivability, or technophiles who speak a different language.
All of these groups have something important to offer, but they also have limitations. It is therefore important to at least understand the opinions and logic of each group when making decisions that could significantly impact the success, or failure, of a business.
We included sources that are reliable and reputable, and that provide full-text access for public viewing.
It is important for business leaders to be able to find relevant, applicable material, and to understand that material quickly and without a background in technology.
Sources are rated for readability, based on whether they are academically minded or layperson considerate. Lower ratings mean that the topics are less relevant to business leaders, that the material is more difficult to understand, and that the source discusses methodology and limitations more than it makes strong assertions, without offering an easy way for readers to get the gist.
Keep in mind that this list will be updated and expanded on in the future, so be sure to bookmark and return biannually.
Two Cybersecurity Special Reports
1. Cyber Risk for the Financial Sector: A Framework for Quantitative Assessment
Publication/Organization: International Monetary Fund (IMF)
Publish date: June 22, 2018
Author: Antoine Bouveret
Readability Rating: 6
Following recent attacks on financial institutions, this working paper analyzes cyber incidents, including data breaches, fraud and business disruption, and identifies trends of criminal behavior.
This in and of itself is a high value add for financial institutions due to the current lack of a comprehensive international dataset.
Also interesting is a framework that Bouveret presents as a way to evaluate cyber risk for the financial sector, for any given country.
Some key findings of the report
- The smallest banks (<$500 billion USD in total assets) suffer the most significant, direct losses.
- The USA is at greatest risk
- Data Breach, Business Disruption, and Fraud are the most common reasons for hacks
2. Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation
Publication/Organization: 14 different institutions crossing academia, civil society and industry
Publish Date: February 19, 2018
Author(s): 26 authors
Readability Rating: 9
Consider how powerful Artificial Intelligence has become. Deep Blue usurped Kasparov’s reign in chess in 1997, over twenty years ago. And now, businesses are adopting AI-driven processes and benefiting from Machine Learning. From Marketing Automation, to Big Data Analytics, to Smart Factories, we are watching as artificial intelligence usurps humans in many skills, and we are watching as AI allows anyone to automate processes and deliver micro-level control to autonomous vehicles, drones, and more.
Is it scary that most AI is publicly available for anyone, including hackers, to use as they see fit? This report explores the truly horrific possibilities of AI + nefarious intentions. Although difficult at times, the vision of this report prepares leaders with a deep understanding of emerging capabilities of AI, as well as how they influence cyberattacks now and in the years to come.
Some key findings
- Expect attacks enabled by the growing use of AI to be especially effective, finely targeted, difficult to attribute, and likely to exploit vulnerabilities in AI systems.
- The costs of attacks may be lowered by the scalable use of AI systems to complete tasks that would ordinarily require human labor, intelligence and expertise.
- New attacks may arise through the use of AI systems to complete tasks that would be otherwise impractical for humans.
Two Cybersecurity Periodicals, the Best Academic Journal and Annual Report
Check in with Oxford’s sobering data on the reality of cybersecurity trends. The world might not be going to hell in a handbasket as quickly as others might lead you to think. Cisco’s biannual cybersecurity report is a must-read for any firm looking for a bullet list of cybersecurity best practices.
3. Cisco 2018 Cybersecurity Report
Publish Date: February, 2018
Author(s): Unnamed Cisco employees from 10 groups within Cisco and six external technology partners
Readability Rating: 8
Cisco’s Annual Report is a comprehensive, enterprise-focused report on emerging cybersecurity threats, as well as a list of best practices to mitigate cybersecurity risk.
Some key findings
- More than half of incidents result in over $500,000 in damages
- Breaches are becoming more dangerous. In 2016, only 15% of breaches impacted more than half of systems, but in 2018, 32% of breaches gained access to over half of systems
- Operations and Finance are most likely targets
- Risk increases with number of vendors
4. Oxford Journal of Cybersecurity
Publication/Organization: University of Oxford
Publish Date: 2017, 2016, and 2015 (Open access is granted for journals published one year prior)
Readability Rating: 3
A year is a long time in an area like cybersecurity; however, it would be impossible to omit the Oxford Journal of Cybersecurity from any list of cybersecurity journals. One of the most influential academic journals in the world, Oxford Journal of Cybersecurity still manages to publish articles that would be of interest to business leaders.
Some of the most-read articles included “Examining the costs and causes of cyber incidents” and “Hype and heavy tails: A closer look at data breaches.” These and others offer deep and unbiased views on cybersecurity, which can provide a more sobering perspective than other sources.
Some key findings
- From 2017 to 2020, expect breaches to cost up to $179 billion (Hype and Heavy Tails)
- Most people think the frequency and size of data breaches are increasing, but one deep look at the data concludes that actually, breaches have flatlined in both these areas (Hype and Heavy Tails)
- The cost of a typical cyber incident is <$200,000 and approximately 0.4% of annual revenues (Examining the costs and causes of cyber incidents, 2016)
Note: These findings are at least 1 year old and do not take into account some of the most damaging attacks on record in 2017 and 2018.