skip to navigation skip to content

Centre for Risk Studies and BitSight partner on cybersecurity economics

The Centre for Risk Studies and BitSight today announced a new research partnership that will analyse the relationship between organisational cybersecurity investments and risk reduction.

Cybersecurity economics.

The partnership combines security programme investment costs, BitSight’s cybersecurity performance data, and the Centre’s sophisticated risk and incident modelling in order to help organisations evaluate security and risk management decisions and measure the efficacy of their investments in reducing risk.

The partnership comes at a critical time for security professionals to demonstrate the value of their investments to senior leaders. In spite of record spending on cybersecurity technology in 2021, cyber attacks continue to escalate and cause massive financial damage to organisations across all sizes and sectors. Security and risk professionals face growing pressure from executives and boards to quantify the effectiveness of their investments in reducing risk.

Jacob Olcott, BitSight’s Vice President of Communications and Government Affairs said, “For far too long, organisational cybersecurity decisions and investments have been influenced by fear and marketing. It is critical for security and risk professionals to leverage data analysis in strategic decision making. This partnership will produce unique and valuable research to help leaders consider the financial costs and risk reduction benefits of their cybersecurity strategies. We are proud to work closely with the Cambridge Centre for Risk Studies to develop research that will benefit the global risk community.”

Andrew Coburn.
Dr Andrew Coburn

Dr Andrew Coburn, Chief Scientist, Centre for Risk Studies, said, “Our work with BitSight will start to integrate quantitative data into the discussion to take the guesswork out of cybersecurity management. This partnership will explore how to reduce the impact of cybersecurity breaches and enable organisations to assess and compare alternative cyber loss reduction strategies on an objective basis to evaluate the effectiveness and value of security expenditure.”