October 25, 2021
The Cambridge Centre for Risk Studies (CCRS) and BitSight today announced a new research partnership that will analyze the relationship between organizational cybersecurity investments and risk reduction. The partnership combines security program investment costs, BitSight’s cybersecurity performance data, and the Centre’s sophisticated risk and incident modeling in order to help organizations evaluate security and risk management decisions and measure the efficacy of their investments in reducing risk.
The partnership comes at a critical time for security professionals to demonstrate the value of their investments to senior leaders. In spite of record spending on cybersecurity technology in 2021, cyber attacks continue to escalate and cause massive financial damage to organizations across all sizes and sectors. Security and risk professionals face growing pressure from executives and boards to quantify the effectiveness of their investments in reducing risk.
Jacob Olcott, BitSight’s Vice President of Communications and Government Affairs said, “For far too long, organizational cybersecurity decisions and investments have been influenced by fear and marketing. It is critical for security and risk professionals to leverage data analysis in strategic decision making. This partnership will produce unique and valuable research to help leaders consider the financial costs and risk reduction benefits of their cybersecurity strategies. We are proud to work closely with the Cambridge Centre for Risk Studies to develop research that will benefit the global risk community.”
Dr Andrew Coburn, Chief Scientist, Cambridge Centre for Risk Studies, said, “Our work with BitSight will start to integrate quantitative data into the discussion to take the guesswork out of cybersecurity management. This partnership will explore how to reduce the impact of cybersecurity breaches and enable organizations to assess and compare alternative cyber loss reduction strategies on an objective basis to evaluate the effectiveness and value of security expenditure.”