Magazine article Risk Management

Understanding Cybersecurity

Magazine article Risk Management

Understanding Cybersecurity

Article excerpt

Hardly a day goes by when we do not hear about some kind of cyber attack on a business. Anecdotes abound about businesses hit by hackers, viruses and worms, as well as cases where people within companies use computers to carry, out crimes, like embezzlement or information theft. The problem with anecdotes is that they tell us we have a problem but not how pervasive the problem is, how vulnerable specific businesses are, or how much such incidents cost businesses in dollars and downtime.

Businesses take precautions to protect their computer systems from the risk of attack, but when businesses make cybersecurity plans based on anecdotes and the "sky is falling" mentality that such media coverage engenders, how effective will their plans be? A recent General Accounting Office (GAO) study puts it even more succinctly: "One of the roadblocks to understanding the importance of cybersecurity is the lack of solid information on the scope and scale of cyber vulnerabilities and the consequences of cyber attacks." Such solid information is critical not only to the businesses in the trenches, but also to policymakers at all levels who must craft policy that cuts across businesses and government.

Not surprisingly, the best way to get the "perspective" the GAO calls for is to survey businesses on a national level. That said, not all surveys are created equal. To be truly valuable, a national computer security survey must be representative of the nation's businesses and industries so we can talk about the population of U.S. businesses as a whole. It must also have a large enough sample size to allow us to paint a reliable picture of the effects of cybersecurity incidents on businesses. And response rates must be high enough so results can be generalized.

While several national computer security surveys have been conducted in recent years, all have problems related to representativeness, sample size and response rate that minimize the value and usefulness of their findings. But a new survey--the Department of Justice/Department of Homeland Security National Computer Security Survey, or NCSS--should go a long way in helping both businesses and policymakers get their heads around the scope and nature of the nation's cybersecurity problem. Sponsored by the DOJ and DHS, the NCSS--which began fielding this Spring--will survey more than 25,000 businesses representing the 5. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.