While attending a conference, the term cyber economics came up. "What an interesting term".
Cyber Risk is a business problem with technical aspects…so cyber economics seems to pair well together.
So, what is the definition of cybersecurity economics? A socio-technical view on cybersecurity, meaning budgeting, governance, and types of goods all integrated in order to provide sustainable recommendations. Note: sustainable is akin to some Board terms, such as Long-term Value Creation and Environmental, Social and Governance (ESG).
A simple example of a cyber economic metric can be recommendations that take into consideration financial impact of each potential cyber event.
Diving deeper into the economic aspect - a cyber director, officer, or advisor, needs to sit with each company officer and understand how the company generates revenue in their eyes, what metrics are important to them! Many financial metrics exist, and each company focuses on different aspects and prioritize them differently.
So, when you sit with your financial expert, you should already know the three statements and what their intent is, so you can discuss what metric, or metrics, are important:
Income statement - are we profitable?
Balance sheet - are we healthy?
Cash flows - where is cash going?
Comments