The Financial Times discusses a potential “Black Swan” event. International Organisation of Securities Commissions = IOSCO
A Black Swan event definition:
A “Black Swan” is a highly improbable event with three principal characteristics: it is unpredictable;it carries a massive impact; and after the fact, we concoct an explanation that makes it appear less random an more predictable than it was.
This terrible and “massive” event will happen or is bound to happen, and that is what security professionals should prepare for. Yes in the “Psychology of Security” there are a majority of people who risk loss in the thinking that a major security event will not happen, or if it does the cost will be borne out of “cost of doing business” calculations.
It is hard for people to factor in one time events. But my assertion is that even if it is unlikely a “Black Swan” event needs to be prepared for. In security $$ spending one has to ascertain what is a good number for you. Is 2% enough? 3%? or 5%??
Humans have been living with risks since the dawn of our history, so the key is to prepare in a sufficient manner that does not disrupt current actions. The level of spending could be included in standard disaster recovery spending (DR). Because a “Black Swan” security event for Target may not have caused a complete failure of company functions, but it did create a level of mistrust for all people shopping at Target. I will certainly think twice before using my credit card at Target.
If one looks at cyber crime in the same manner as DR, maybe the ability to defend against a black swan event improves the risk percentages. 89% of worldwide exchanges (120) consider cyber crime a systemic risk.
Contact Us to discuss your security profile