By Bob Zukis, Forbes Contributor
Having recently attended RSA 2022, one of the largest cybersecurity industry conferences in the U.S., it’s clear that the cybersecurity industry is only starting to address the cascading and catastrophic problems of systemic cyber risk.
Respondents to a survey I conducted rated their customers’ understanding of their self-insured economic exposure to cyber risk at 3.25 on a 10-point scale. A 10-rating indicated their customer’s quantify their self-insured economic exposures to cyber risk and a 1 indicated that they had no idea of the financial impacts of their cyber risk profile.
The lack of understanding of the economic impacts of cyber risk compounds the potential impacts of systemic cyber risk and the challenges facing boards and leadership teams in cyber governance and management. A few forward-thinking cyber leaders shared their thoughts on systemic cyber risk with me.
Bob Kolasky SVP at Exiger captured the essence of the issue simply but powerfully when he said, “Systemic risk demands systemic solutions.” Exiger’s products and services focus on one of the most visible areas of systemic cyber risk, third-party risk. Their solutions focus on the transparency of supply chains to surface common vulnerabilities and concentration risks. They are addressing the core systemic cyber risk challenge of a a distributed cyber risk environment requiring a consolidated understanding of cyber vulnerabilities across a business ecosystem.
Systemic risk is about the risk that exists between the parts of any complex system. This includes third-party vulnerabilities. Being able to understand if any third party introduces critical levels of systemic risk to the entire system through concentration risk is also a critical systemic cyber risk challenge. The phrase “too big to fail” that emerged with the systemic failures of the financial system in 2008 reflected perfectly the catastrophic and systemic impacts of concentration risk to entire complex systems.
Read the full article here: RSA 2022: Solutions To Systemic Cyber Risk Are Emerging, But It’s Early