As we begin a new year and people look toward the future, we tend to see predictions about all kinds of things, including cybersecurity.
Predictions can be useful, especially if they’re based on actionable intelligence and possess a high degree of certainty. However, when it comes to prioritization of cyber risk management actions, where predictions fall short, measured forecasts – a range of possibilities with corresponding probabilities, or probabilities for shorthand – provide much more effective information. More than predictions, probability is better suited to making business decisions about cyber risks.
To illustrate this, consider recent pronouncements by Forrester Research that “cybercrime is expected to cost $12 trillion in 2025” and “regulators will take a more active role in protecting consumer data.” Those are interesting predictions, to be sure: Both are precise but don’t offer any actionable advice.
Cybercrime was forecast to cost $9.5 trillion in 2024. Whether the cost in 2025 reaches $10.5 trillion or even more is beside the point, which is that cybercrime is a tremendous and growing financial burden on businesses and society. Likewise,…
