Making intelligent and informed decisions around cyber

The experts continue to bombard us with their advice, insight, and guidance for addressing cyber.

One of those experts, KPMG, recently shared What’s next: Key cyber considerations for 2019. Unfortunately, I don’t think it has much to say that is new or valuable – it points out what we should all already know. Frankly, it’s more a marketing piece than thought leadership.

The FAIR Institute has probably the best methodology for quantifying cyber exposure. Their chairman has penned an interesting document, Understanding Cyber Risk Quantification, a Buyer’s Guide.

He makes a number of points with which I agree, including:

  • The cyber risk landscape is increasingly impactful, complex and dynamic, and organizations have limited resources to apply to the problem.
  • Furthermore, every dollar spent on cyber risk management is a dollar that can’t be spent on other business or mission imperatives.
  • It’s important to recognize however, that measuring risk quantitatively shouldn’t be a goal in itself. What is most important is ensuring well-informed decisions through reliable and meaningful risk measurements (whether qualitative or quantitative).

Unfortunately, the decisions…
