Those charged with predicting the size and shape of cyber risk – from within cybersecurity or insurance – face a major challenge in forming a forward-looking view of risk that applies multiple dimensions of data and insight to model possible outputs and identify trends before they become losses.
To that end, CyberCube recently completed its third Cyber Threat Outlook Survey (CTOS), which took the pulse of 78 threat intelligence and cybersecurity professionals and asked them to provide perspectives on the frequency of occurrence and resulting economic severity of the cyber threats facing businesses today and in the future.
They opined on the 32 scenarios presented in the survey, which showed the range of plausible scenarios is wide – and widening. It is notable, on reading the responses of threat professionals, that there is a wide spectrum of volatility in how often catastrophic cyber attacks might occur and how much economic damage they might cause.
Key trends from this year’s survey include:
The “attack surface” across industries and system vulnerabilities is growing and increasingly interconnected, raising concerns around cascading impacts from a single major cyber event
The cyber attack field will continue to intensify, with more frequent, catastrophic attacks being met with faster evolution of defense and cyber resiliency.
Economic impact is difficult to accurately predict, with a wide range of short-term and long-term factors playing into final economic losses from a cyber attack.
There are heightened concerns around cascading impacts from major cyber events including:
- Loss of confidence in core pillars of advanced economies, like trust in the global financial system or uninterrupted access to services from critical infrastructure
- A more conservative approach to incident response, including investigations resulting in the grounding of airplanes around the globe
- A more stringent regulatory response, like restricting online privacy or more controlled access to online resources and assets - all of which exacerbate concerns over the economic impact of major cyber events