{"id":35234,"date":"2020-05-28T18:00:56","date_gmt":"2020-05-28T18:00:56","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=91172"},"modified":"2020-05-28T18:00:56","modified_gmt":"2020-05-28T18:00:56","slug":"managing-cybersecurity-like-a-business-risks-part-1-modeling-opportunities-and-threats","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/managing-cybersecurity-like-a-business-risks-part-1-modeling-opportunities-and-threats\/","title":{"rendered":"Managing cybersecurity like a business risks: Part 1\u2014Modeling opportunities and threats"},"content":{"rendered":"
<\/div>\n

In recent years, cybersecurity has been elevated to a C-suite and board-level concern. This is appropriate given the stakes. Data breaches can have significant impact on a company\u2019s reputation and profits. But, although businesses now consider cyberattacks a business risk, management of cyber risks is still siloed in technology and often not assessed in terms of other business drivers. To properly manage cybersecurity as a business risk, we need to rethink how we define and report on them.<\/p>\n

The blog series, \u201cManaging cybersecurity like a business risk,\u201d will dig into how to update the cybersecurity risk definition, reporting, and management to align with business drivers. In today\u2019s post, I\u2019ll talk about why we need to model both opportunities as well as threats when we evaluate cyber risks. In future blogs, I\u2019ll dig into some reporting tools that businesses can use to keep business leaders informed.<\/p>\n

Digital transformation brings both opportunities and threats<\/h3>\n

Technology innovations such as artificial intelligence (AI), the cloud, and the internet of things (IoT) have disrupted many industries. Much of this disruption has been positive for businesses and consumers alike. Organizations can better tailor products and services to targeted segments of the population, and businesses have seized on these opportunities to create new business categories or reinvent old ones.<\/p>\n

These same technologies have also introduced new threats. Legacy companies risk losing loyal customers by exploiting new markets. Digital transformation can result in a financial loss if big bets don\u2019t pay off. And of course, as those of us in cybersecurity know well, cybercriminals and other adversaries have exploited the expanded attack surface and the mountains of data we collect.<\/p>\n

The threats and opportunities of technology decisions are intertwined, and increasingly they impact not just operations but the core business. Too often decisions about digital transformation are made without evaluating cyber risks. Security is brought in at the very end to protect assets that are exposed. Cyber risks are typically managed from a standpoint of loss aversion without accounting for the possible gains of new opportunities. This approach can result in companies being either too cautious or not cautious enough. To maximize digital transformation opportunities, companies need good information that helps them take calculated risks.<\/p>\n

It starts with a SWOT analysis<\/h3>\n

Threats and opportunities are external forces that may be factors for a company and all its competitors. One way to determine how your company should respond is by also understanding your weaknesses and strengths, which are internal factors.<\/p>\n