Home Identifying Cyber Risk through Consensus

Identifying Cyber Risk through Consensus

An intriguing new project to measure cyber-security risks has launched. The Index of Cyber Security, run by Dan Geer and Mukul Pareek, seeks to deal with the quick change of specific security threats by establishing a consensus among security professionals, using what they call “sentiment-based” metrics.

The index starts out at base 1,000 and increases or decreases based on active threats. The report is monthly. The inaugural report, for April, gives a cyber-security threat index of 1,021.6.

With the increase in the amount of sheer data available to anyone, access to it only takes one so far. How do we process data so it produces actionable information, even knowledge? Expert consensus is a reasonable measurement. We use it already when it comes to recommendations from friends, peers and experts. Why not security professionals?

It is not just a rule-of-thumb calculation, however. It seems clear these gentlemen aren’t afraid of math and they go into some detail on how their index is created. The short version is, they have created an absolute index (vs. one which is relative month-to-month) based on a list of questions, each of which is weighed equally on a five-point Rikert scale.

Key findings from their inaugural report include the recognition that nation-states are a problem.

  • Most respondents feel that the biggest increase in threat over the past month has been from malware in its countless forms.
  • The threat from nation-states is considered an increasing threat, as is the threat of targeted attempts to steal industrial data.
  • The risk due to a compromise at a third-party with access to data is also considered a rising threat.
  • Overall, security professionals felt that cyber security in the aggregate has worsened, including that of online transactions they conduct as part of their personal lives.
  • On the positive side, respondents believe that the value and protection received from government and regulators is improving, though the cost of regulation is also going up.
  • Threats from malicious insiders, internet based attacks, and political- or ideology-based attacks are only marginally up compared to the previous month.

“An index produced without collaboration with industry professionals/CISOs may intrigue their curiosity, but may never get adopted,” they said on the ICS site. “By involving 100 up to 300 CISOs or security practitioners in a survey based process, we gain better acceptance of the index and adoption by their organizations as their participation means they are ‘invested’ in the index.”

It will be interesting to see if the ICS is accepted as a standard metric.

Padlock photo by Mike Baird | other sources: infosec island

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.