Spotlight
15 Sep 2021
The Anatomy of Cyber RiskWouldn’t it be great to have an overview of how countries across the globe differ in their exposure to cyber risk? This research piece provides the answer by analysing quarterly earnings calls of more than 12,500 companies.
15 Sep 2021
What is the Dark Web and Why Does It Matter for Cybersecurity?When we read about yet another data breach, we often hear about personal data appearing in the Dark Web – a mysterious substrata of the internet that is often used for illicit purposes. But what exactly is it, and how does it relate to cybersecurity?
15 Sep 2021
The SEC Is Serious About Cybersecurity. Is Your Company?Regulators are tightening their grip on improper handling of cyber breaches. The Security Exchange Commission now regards cyber risk as an existential risk to business. How can companies avoid big fines?
18 Aug 2021
Organisational Cyber Maturity: A Survey of IndustriesSome companies are more mature in their cybersecurity capabilities than others. But are companies that do well in cybersecurity also more profitable? A McKinsey survey shines light on differing maturity levels of companies and explores the correlation between cybersecurity maturity and profitability.
18 Aug 2021
Inside a Sophisticated Cyberattack – “Sygnia, Praying Mantis: An Advanced Memory-Resident Attack”We’ve all read or heard about these “sophisticated cyberattacks” that many companies suffer, such as SolarWinds, Kaseya, or NotPetya. But how does a sophisticated cyberattack actually look like? Recent research from Israeli cybersecurity firm Sygnia takes us inside a sophisticated cyberattack.
18 Aug 2021
3 Strategies to Secure Your Digital Supply ChainAlmost every company relies on software provided by a vendor. But those vendors will often use software code that they themselves haven’t written, but rather imported from other vendors or open-source libraries. Such complexity introduces vulnerabilities. How can companies secure their digital supply chains?
14 Jul 2021
Addressing Third Party Cyber Risk: Moving Beyond a False Sense of SecurityBusinesses don’t operate in isolation. That makes them vulnerable to supply chain cybersecurity risk. NotPetya, SolarWinds, and Kaseya are all examples of supply chain cyberattacks. But what can we do about them?
14 Jul 2021
Mis-spending on information security measures: Theory and experimental evidenceEvidence suggests that companies tend to overinvest in preventive measures while neglecting to invest in preparing to respond. But the reasons for this were speculative – until now.
14 Jul 2021
Predictable Surprises: The Disasters You Should Have Seen ComingNo one comes to work expecting a cyberattack, which makes them feel random, or unpredictable. But in reality, cyberattacks are predictable surprises – disasters you should see coming. What can be done to anticipate such predictable surprises?
11 Jun 2021
Ransomware: Should paying hacker ransoms be illegal?It seems as if we are living in a ransomware ‘epidemic’. Ransomware is a specific type of malware that encrypts data and systems and asks for a payment (the ransom) for the release of decryption keys.