Data breaches are not as random as you might think. Building upon previous work forecasting fraud among business customers, we discovered something often overlooked by practitioners. Insufficient staffing is a strong predictor of data breach, and surprisingly, audit staff is just as effective at preventing a data breach as staff working in information technology.
This session will demonstrate how a cybersecurity data breach can be accurately forecast based upon the number of employees overall, and the number of employees with certain certifications that relate to cybersecurity, including the ISC2 CISSP and ISACA CISA certifications. You will learn how this approach of measuring cybersecurity could help your organization to set risk appetite goals in terms of expected frequency of a data breach, and how to right size the cybersecurity team and manage third-party data breach risk to meet these goals.
