Solving Cyber Risk:
Protecting your company and society
by
Andrew Coburn, Eireann Leverett and Gordon Woo
This book draws on research and practice in working with companies on reducing their cyber risk, published by Wiley in 2019.
Available from Amazon and all decent book stores.
Editorial Reviews
“Solving Cyber Risk brings a technical subject to life using entertaining and poignant parallels to historical warfare. It also makes a compelling argument for the use of counterfactual analysis of past cyber events, to help us protect the digital economy from the cyber aggressors of the future. The authors make the case for cyber resilience and give business leaders practical advice to embed cyber-aware culture in their organisation.”
- Domenico del Re, Director, PricewaterhouseCoopers
“Before we can begin to address the serious risks that accompany the modern world's increasing dependence on networked computer systems we have to understand them, and this is the key achievement of Solving Cyber Risk. Anyone reading the book will come away better able to assess, quantify, and reduce the risks faced by their business.”
- Bill Thompson, Technology writer and BBC presenter
“Is your organisation cyber-resilient? Are your services? Are you? Starting from practical assessments of how a security breach could damage the organisation, this comprehensive review of the current risk landscape will tell you why it matters, how to assess your own performance, and how to improve it.”
- Andrew Cormack, Former Computer Security Incident Response Team (CSIRT) manager
"The essential handbook for anyone that wants to understand the cyber risks facing their business. The authors draw on decades of experience in cyber, insurance and modelling to provide the essential context for the range of potential threats and losses, today and in the future, providing real life case studies and practical advice for assessing and managing the risks."
- Matthew Grant, Founder and Executive Director, Abernite Ltd.
"Whoever feels overwhelmed by the sheer amount of unsorted information - around cyber risk, the uncertainties of managing this risk and its questioned insurability (which I do not share) - should read this book. It helps to ringfence the key issues by classifying, weighting and prioritizing cyber related decisions. It is good for IT security professionals to get familiar with risk management framework and it is equally helpful for risk management professionals to break down the complexity of 'cyber' and focus on the essentials."
-Simon Dejung, Senior Underwriter, SCOR
Book Outline
Cyber risk presents a clear and present danger to the functioning of our society and the wellbeing of our economy. Information technology has played a major role in boosting economic growth for the advanced economies, but it now threatens the prosperity it created. Using data compiled over many years of analyzing cyber risk and working with companies battling on the front line of cyber risk management, the authors of Solving Cyber Risk estimate that cyber losses cost over $1.5 trillion a year to the global economy - eroding a steady tax of around 2% on our economic output. Cyber attacks could trigger massive economic shocks of potentially trillions of dollars. State-sponsored cyber attacks on each other’s countries threatens democracy and geopolitical stability.
Solving this risk will not be easy, but the authors dissect the problem. They review the role that companies can play in improving their own cyber security and cyber threat awareness. They characterize the principal causes of cyber loss and explain the best methods of combatting them. They show that the production of software produces inherent exploitable vulnerabilities, and discuss methods of reducing them at source. They profile the black market of malicious cyber hackers and their ‘business models’, showing that they can be combatted by changing the calculus of their reward systems. They argue that law enforcement, regulation, and litigation systems need radical overhaul to meet the new threat, and highlight the role of government and policy-makers in making us safer.
The authors apply techniques of risk assessment – analyzing the likelihood and severity of loss – to assess the costs and benefits of cyber risk management. They provide practical exercises for companies to improve their cyber risk management cost-effectively.
Cyber is an unprecedented threat. It will need radically new approaches to solving this risk. This book proposes that we need to take a fresh view at cyber risk, and not be afraid of challenging orthodox approaches.