This article originally appeared at The WHIR
A new cybersecurity risk assessment model released by Juniper Networks and RAND Corp. on Wednesday finds that major cybersecurity cost reductions could be achieved by eliminating software vulnerabilities, at a time when cybersecurity costs are on track to rise 38 percent by 2025. Halving the number of vulnerabilities in software and applications would result in a cybersecurity cost decrease of 25 percent.
The “heuristic economic model” created by RAND identifies key factors and decisions that influence the cost of cyber-risk to organizations. Although the study interviewed only 18 chief information security officers, the examination was in-depth and used the capabilities of the RAND National Security Research Division, which conducts research and analysis for US defense, foreign policy, homeland security and intelligence communities.
With the cost of data breaches and cybercrime expected to top $2 trillion by 2019, any research that attempts to nail down the cost factors involved with cybersecurity is important.
“The security industry has struggled to understand the dynamics that influence the true cost of security risks to business,” said Sherry Ryan, chief information security officer, Juniper Networks. “Through Juniper Networks’ work with the RAND Corporation, we hope to bring new perspectives and insights to this continuous challenge. What’s clear is that in order for organizations to turn the table on attackers, they need to orient their thinking and investments toward managing risks in addition to threats.”
Another factor that can help decrease cybersecurity costs is investment in employees. “Companies can benefit greatly in making people-centric security investments, such as technologies that help automate security management and processes, advanced security training for employees, and hiring additional security staff,” the company said.
The RAND model finds that organizations with very high levels of security diligence can curb costs of managing security risks by 19 percent in the first year and 28 percent by the tenth year, as compared to organizations with very low diligence.
Cybersecurity has been a huge focus over the last several months. Even with the funding and capabilities of the US government behind them, the Japanese and US governments suffered major breaches in the last week. The president has had a strong focus on cybersecurity so far this year, with a $14 billion 2016 budget for cybersecurity, the ability to impose sanctions on cyberattackers, an executive order to promote threat sharing and the establishment of a dedicated cyberthreat center.