Book Launch: Solving Cyber Risk

event calendar icon

8 Jan 2019

17:30 -20:00

21 Feb 2019

17:30 -20:00

26 Feb 2019

18:00 -20:30

28 Feb 2019

18:00 -20:30

Times are shown in local times.

Open to: All

event map pin icon

Various locations

Cambridge (8 Jan)

London (21 Jan)

New York (26 Feb)

Washington DC (28 Feb)

Overview

Cambridge Centre for Risk Studies has been a leading pioneer of research into cyber as an emerging risk. Now a new book from researchers at the Centre sets out a risk management framework for considering cyber risk to any individual organisation, and the principles involved in protecting society from cyber threat.

Launch events will include a presentation by the 3 authors on content from the book, followed by a networking reception. The authors will be available to sign copies of the book.

Books can be ordered in advance for collection at the launch events, with a discount of 15% at £32.29 (UK RRP £37.99) or $42.46 (US RRP $49.95).

A limited number of books will also be available for purchase at the event, with a discount of 10% at £34.19 or $44.96.

The threat of cyber attack is a growing concern for everyone who uses the internet. It cost the global economy half a trillion dollars a year, nearly 2% of total economic output. Data shows that over 1% of large businesses experience a major loss from a cyber event each year. And the problem is global, with attacks being reported in over 180 countries.

The threat comes from seven main categories of cyber attackers working anonymously in the black economy. Each has their own objectives, capabilities, methods of working, and business model. Understanding how these threat actors could target your organisation is vital. In solving cyber risk, three authors with extensive experience in cybersecurity and risk management analysis demystify the processes of how cyber causes loss and the principles of keeping this risk manageable.

Risk is the chance of loss. What we do in this book is to present a framework for quantifying the losses from cyber attacks and to estimate the likelihood of them.

The costs and benefits of investments in cybersecurity are not obvious unless you follow a risk management framework.

And what is really interesting and fascinating is that the most cost-effective cybersecurity measures are not necessarily what you think they are.

Assessing the potential impact of different scenarios on your organisation before they occur enables you to set your loss tolerance for cyber attacks.

It’s definitely worth estimating what different types of cyber attack scenarios could do to an organisation and just how likely they are. In the book, we set out some management exercises that help people think through the impact, a potential impact on their business, and just the effectiveness of different security strategies.

In addition to solving the cyber risk for individual organisations, it is important to consider the fundamental causes of cyber risk.

Cyber risk exists principally because hardware and software have errors. Some of those errors can be vulnerabilities. Some of those vulnerabilities can be exploited. And those exploits lead to the cyber risk. These are the ghosts in the code.

Vulnerabilities in software are a major issue for cyber risk. Funding and patching vulnerabilities is critical to reducing the risk.

These vulnerabilities are hunted for by malicious actors. And they use them to accomplish a lot of the problems of cyber risk. So there’s sort of an arms race for us to find them quicker than the bad guys do.

The problem is that there is a lot of this code that’s being written for the Internet of Things. And those products are getting out there very quickly. And they pose a safety risk and a security risk and a privacy risk to all of us.

The problem doesn’t end there. Even when software companies produce a patch that closes a vulnerability, companies are often slow to instal it. Cyber risk is a problem for the whole of society. It affects us all.

Cyber risk poses a threat not just to our businesses, but also to our economy, our democracy, and our continued way of life.

Cyber attacks could also trigger even greater crises for our society.

So we estimate there’s about a 1 in 100 chance each year of a cyber attack that could cost more than $1 trillion to the global economy.

It is not enough for every company to protect itself. We need to tackle cyber risk across the board.

We need to address cyber risk by coming up with a number of strategies.

The technology industry in general needs to sell safe, secure, private software or hardware. And it needs to make that transparent to everyday users so they can make sensible risk decisions.

It’s important that companies adopt a cyber safety culture. And it’s also important they adopt cyber security best practise.

There’s a need to upgrade law enforcement to meet the needs of the cyber age.

We need to destroy the business model for cyber threat actors and make alternative career choices more attractive.

In a way, cyber problems are too big for any one organisation to solve on their own, or even one country. We’ve known for many years that it needs a cross-border collaboration and international institutions to coordinate this global problem.

These changes will require significant political will, investment, and changes to the way we do things now. But the changes are needed. Cyber risk is a problem that affects everyone. Together, and only together, can we solve cyber risk.

Read video transcript

Book summary

Solving cyber risk cover.

Coburn, A., Leverett, É. and Woo, G. (January 2019) Solving Cyber Risk: Protecting Your Company & Society. Wiley.

Hardback retail price: $49.95/£37.99

Cyber risk presents a clear and present danger to the functioning of our society and the well being of our economy. Information technology has played a major role in boosting economic growth for the advanced economies, but it now threatens the prosperity it created. Using data compiled over many years of analysing cyber risk and working with companies battling on the front line of cyber risk management, the authors of Solving Cyber Risk estimate that cyber losses cost over $1.5 trillion a year to the global economy – eroding a steady tax of around 2% on our economic output. Cyber attacks could trigger massive economic shocks of potentially trillions of dollars. State-sponsored cyber attacks on each other’s countries threatens democracy and geopolitical stability.

Solving this risk will not be easy, but the authors dissect the problem. They review the role that companies can play in improving their own cyber security and cyber threat awareness. They characterise the principal causes of cyber loss and explain the best methods of combating them. They show that the production of software produces inherent exploitable vulnerabilities, and discuss methods of reducing them at source. They profile the black market of malicious cyber hackers and their ‘business models’, showing that they can be combated by changing the calculus of their reward systems. They argue that law enforcement, regulation, and litigation systems need radical overhaul to meet the new threat. They highlight the role of government and policy-makers in making us safer.

The authors apply techniques of risk assessment – analysing the likelihood and severity of loss – to assess the costs and benefits of cyber risk management. They provide practical exercises for companies to improve their cyber risk management cost-effectively.

Cyber is an unprecedented threat. It will need radically new approaches to solving this risk. This book proposes that we need to take a fresh view at cyber risk, and not be afraid of challenging orthodox approaches.

Download the writers’ presentations

Book tour

8 January 2019

Cambridge, UK

Lecture Theatre 2 and Common Room, Cambridge Judge Business School, University of Cambridge, CB2 1AG

17:30 – 18:00

Registration drinks

18:00 – 18:05

Welcome address

Cambridge Centre for Risk Studies

18:05 – 18:45

Presentations from Solving Cyber Risk authors

  • Gordon Woo, A Risk Management Framework for Cyber Security
  • Eireann Leverett, Demystifying Vulnerabilities and Exploits
  • Andrew Coburn, Solving Cyber Risk

18:45 – 20:00

Networking reception and book signing

21 February 2019

London, UK

Aon, The Leadenhall Building, 122 Leadenhall St, London EC3V 4AN

17:30 – 18:00

Registration drinks

18:00 – 18:05

Welcome address

Aon

18:05 – 18:45

Presentations from Solving Cyber Risk authors

  • Gordon Woo, A Risk Management Framework for Cyber Security
  • Eireann Leverett, Demystifying Vulnerabilities and Exploits
  • Andrew Coburn, Solving Cyber Risk

18:45 – 20:00

Networking reception and book signing

26 February 2019

New York, US

The Beekman Hotel, 123 Nassau St, New York, NY 10038

18:00 – 18:30

Registration drinks

18:30 – 18:35

Welcome address

RMS

18:35 – 19:15

Presentations from Solving Cyber Risk authors

  • Gordon Woo, A Risk Management Framework for Cyber Security
  • Eireann Leverett, Demystifying Vulnerabilities and Exploits
  • Andrew Coburn, Solving Cyber Risk

19:15 – 20:30

Networking reception and book signing

28 February 2019

Washington DC, US

Brunswick Group, 600 Massachusetts Avenue, NW. Suite 350. Washington, DC

18:00 – 18:30

Registration and book signing

18:30 – 18:40

Welcome address

Dante Disparte, Founder and CEO, Risk Cooperative

Dr Michelle Tuveson, Executive Director, Centre for Risk Studies

18:40 – 19:20

Presentations from Solving Cyber Risk authors

  • Gordon Woo, A Risk Management Framework for Cyber Security
  • Eireann Leverett, Demystifying Vulnerabilities and Exploits
  • Andrew Coburn, Solving Cyber Risk

19:20 – 19:50

Panel Discussion and Q/A: Cyber Risk Resilience

19:50 – 20:00

Closing remarks and conclusion

Simon Ruffle, Director of Research and Innovation

Dante Disparte, Founder and CEO, Risk Cooperative

20:00 – 20:30

Networking reception and book signing

Editorial reviews

On release, Solving Cyber Risk reached number five on the Amazon best seller list for books in the category of Risk Management. It is now available for purchase from Amazon and all reputable book sellers. 

Solving Cyber Risk brings a technical subject to life using entertaining and poignant parallels to historical warfare. It also makes a compelling argument for the use of counterfactual analysis of past cyber events, to help us protect the digital economy from the cyber aggressors of the future. The authors make the case for cyber resilience and give business leaders practical advice to embed cyber-aware culture in their organisation.

Domenico del Re, Director, PricewaterhouseCoopers

Before we can begin to address the serious risks that accompany the modern world’s increasing dependence on networked computer systems we have to understand them, and this is the key achievement of Solving Cyber Risk. Anyone reading the book will come away better able to assess, quantify, and reduce the risks faced by their business.

Bill Thompson, Technology writer and BBC presenter

Is your organisation cyber-resilient? Are your services? Are you? Starting from practical assessments of how a security breach could damage the organisation, this comprehensive review of the current risk landscape will tell you why it matters, how to assess your own performance, and how to improve it.

Andrew Cormack, Former Computer Security Incident Response Team (CSIRT) manager

The essential handbook for anyone that wants to understand the cyber risks facing their business. The authors draw on decades of experience in cyber, insurance and modelling to provide the essential context for the range of potential threats and losses, today and in the future, providing real life case studies and practical advice for assessing and managing the risks.

Matthew Grant, Founder and Executive Director, Abernite

Whoever feels overwhelmed by the sheer amount of unsorted information – around cyber risk, the uncertainties of managing this risk and its questioned insurability (which I do not share) – should read this book. It helps to ringfence the key issues by classifying, weighting and prioritising cyber related decisions. It is good for IT security professionals to get familiar with risk management framework and it is equally helpful for risk management professionals to break down the complexity of ‘cyber’ and focus on the essentials.

Simon Dejung, Senior Underwriter, SCOR

Author, Andrew Coburn, was interviewed on Cyentia Podcast regarding Solving Cyber Risk

Read ‘Solving Cyber Risk: Explaining Technical Issues of Cyber in an Accessible Way’ by Chad Hemenway in Advisen Front Page News

Listen to the BBC Click (World Service Radio) interview with Andrew Coburn.  Starts 13m 45s

Cyber risk is a top priority for companies business today. The digital economy requires companies to safeguard a wealth of sensitive information that can make hackers a fortune and ruin both a business and victims’ lives. Solving Cyber Risk demystifies the threat of cyber attacks and guides businesses in implementing the most cost- effective methods of reducing risk.

In this practical, non-technical guidebook, three global thought leaders on cyber risk show businesses how to use risk management principles to lock down their cyber security. Written specifically for business professionals and policy-makers, this single resource covers everything from the fundamentals of cyber crime to the roles of information security officers and risk managers. Improve cyber resilience by using this powerful guide to:

  • Assess the latest vulnerabilities in software, industrial control systems and devices
  • Gain an understanding of the regulatory and legal landscape and law-enforcement processes
  • Make informed decisions about the costs and benefits of cyber resilient strategies, including key trends in cyber insurance

Avoiding cyber attacks isn’t an option – businesses can prepare to protect themselves and their clients with Solving Cyber Risk.

Photos from the Cambridge event

View the photo album on Flickr

Top