#cyberrisk

Wade Baker<p>Is your organization now more or less likely to experience a significant <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> event than it was 10y ago?</p><p>Well, that depends. Let's look at some data from Cyentia Institute's recent 2025 Information Risk Insights Study (IRIS).</p><p>The chart below depicts the annualized incident probability for firms in each revenue tier. I won't go into the details here of how we modeled this, but the methodology appendix in the report does get into that (link below). And if you want even more detail, Joran Elias has an excellent blog post for Cyentia Institute members (free account). For now, just assume we've used many incidents over many years to model the probabilities you see here.</p><p>From the chart, you can see why I say "that depends" to the lead question. The probability of a &lt;$100M firm suffering a <a href="https://infosec.exchange/tags/securityincident" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityincident</span></a> has more than doubled, while the chance of a $100B+ megacorporation having an event has dropped by a third over the same time frame. Meanwhile, incident probability for organizations in the $1B to $100B range has remained relatively static.</p><p>Unfortunately, our dataset is silent on the underlying factors behind these <a href="https://infosec.exchange/tags/cyberevent" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberevent</span></a> trends, but we can engage in some informed speculation. And LinkedIn is the perfect platform for it. I'll start. </p><p>To me, this chart hammers home Wendy Nather's concept of the security poverty line. Giant corporations with their giant budgets to hire the best people, buy the best technology, and implement the best processes, are finding success. 
But the pace of digitalization has outpaced SMBs’ ability to defend their growing attack surfaces and mitigate <a href="https://infosec.exchange/tags/cyberrisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberrisk</span></a> .</p><p>I have many other thoughts regarding the factors underlying what we see here, but I'd rather hear from you. What do you see as key contributors?</p><p>****<br>Get the IRIS 2025 here: <a href="https://www.cyentia.com/iris2025/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">cyentia.com/iris2025/</span><span class="invisible"></span></a></p><p>You'll have the option to just download it or get it or join Cyentia's free membership program for the report plus a bunch of bonus analytical content.</p>
Wade Baker<p>Are <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> incidents growing more costly? </p><p>Cyentia Institute's recent Information Risk Insights Study points to a 15-fold increase in the cost of <a href="https://infosec.exchange/tags/incidents" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>incidents</span></a> and <a href="https://infosec.exchange/tags/databreaches" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreaches</span></a> over the last 15 years. </p><p>The chart on the left shows the distribution of known/reported financial losses from incidents across the time period of the study. The typical (median) incident costs about $600K, while more extreme (95th percentile) losses swell to $32M. Note that the chart uses a log scale, so the tail of large losses is a lot longer than it appears.</p><p>The chart on the right trends the escalating costs of cyber events over time. Median losses from a security incident have absolutely exploded over the last 15 years, rising 15-fold from $190K to almost $3 million! The cost of extreme events has also risen substantially (~5x). So, yeah—cyber events are definitely growing more costly. </p><p>That said, this picture looks a lot different among different types and sizes of organizations. How are financial losses and other <a href="https://infosec.exchange/tags/cyberrisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberrisk</span></a> factors trending for orgs like yours? </p><p>Download the full IRIS 2025 to find out! 
<br>Free with no reg req'd - though you can join Cyentia's free membership forum for bonus analytical content related to the report.</p><p><a href="https://www.cyentia.com/iris2025/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">cyentia.com/iris2025/</span><span class="invisible"></span></a></p>
LMG Security<p>AI is the new attack surface—are you ready?</p><p>From shadow AI to deepfake-driven threats, attackers are finding creative ways to exploit your organization’s AI tools, often without you realizing it.</p><p>Watch our new 3-minute video, How Attackers Target Your Company’s AI Tools, for advice on:</p><p> ▪️ The rise of shadow AI (yes, your team is probably using it!)<br> ▪️ Real-world examples of AI misconfigurations and account takeovers<br> ▪️ What to ask vendors about their AI usage<br> ▪️ How to update your incident response plan for deepfakes<br> ▪️ Actionable steps for AI risk assessments and inventories</p><p>Don’t let your AI deployment become your biggest security blind spot.</p><p>Watch now: <a href="https://youtu.be/R9z9A0eTvp0" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/R9z9A0eTvp0</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIsecurity</span></a> <a href="https://infosec.exchange/tags/ShadowAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ShadowAI</span></a> <a href="https://infosec.exchange/tags/Deepfakes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Deepfakes</span></a> <a href="https://infosec.exchange/tags/AItools" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AItools</span></a> <a href="https://infosec.exchange/tags/CyberRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberRisk</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>SMB</span></a> <a href="https://infosec.exchange/tags/CEO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CEO</span></a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IncidentResponse</span></a> <a href="https://infosec.exchange/tags/GenAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GenAI</span></a> <a href="https://infosec.exchange/tags/DataPrivacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataPrivacy</span></a> <a href="https://infosec.exchange/tags/Cyberaware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberaware</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a></p>
LMG Security<p>Only one week left to register for our next Cyberside Chats Live event! Join us June 11th to discuss what happens when an AI refuses to shut down—or worse, starts blackmailing users to stay online?</p><p>These aren’t science fiction scenarios. We’ll dig into two real-world incidents, including a case where OpenAI’s newest model bypassed shutdown scripts and another where Anthropic’s Claude Opus 4 generated blackmail threats in an alarming display of self-preservation.</p><p>Join us as we unpack:<br>▪ What “high-agency behavior” means in cutting-edge AI<br>▪ How API access can expose unpredictable and dangerous model actions<br>▪ Why these findings matter now for security teams<br>▪ What it all means for incident response and digital trust</p><p>Stick around for a live Q&amp;A with LMG Security’s experts <span class="h-card" translate="no"><a href="https://infosec.exchange/@sherridavidoff" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>sherridavidoff</span></a></span> and <span class="h-card" translate="no"><a href="https://infosec.exchange/@MDurrin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>MDurrin</span></a></span>. 
This session will challenge the way you think about AI risk!</p><p>Register today: <a href="https://www.lmgsecurity.com/event/cyberside-chats-live-june2025/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">lmgsecurity.com/event/cybersid</span><span class="invisible">e-chats-live-june2025/</span></a></p><p><a href="https://infosec.exchange/tags/CybersideChats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CybersideChats</span></a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIsecurity</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RiskManagement</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://infosec.exchange/tags/CyberRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberRisk</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>Cyber</span></a> <a href="https://infosec.exchange/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tech</span></a> <a href="https://infosec.exchange/tags/CYberaware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CYberaware</span></a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMB</span></a> <a href="https://infosec.exchange/tags/CEO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CEO</span></a></p>
Pen Test Partners<p>🚫 No fire detection means no going to sea.<br>If you're running the Consilium Safety CS5000 fire panel on board, hardcoded credentials could let an attacker shut it down remotely.<br>&nbsp;<br>As a result, if the system is taken offline, your vessel could be detained, lose its class certification, or be prevented from sailing altogether.<br>&nbsp;<br>There is no patch available. The vendor has stated they won’t fix the issue unless cybersecurity was part of your original contract.<br>&nbsp;<br>If your panel was installed before July 2024, it likely wasn’t designed with modern cybersecurity in mind.<br>&nbsp;<br>Andrew Tierney explains how we discovered the vulnerability, its implications for operators, and the steps you can take to mitigate the risk.<br>&nbsp;<br>📌&nbsp;Read here: <a href="https://www.pentestpartners.com/security-blog/fire-detection-system-been-pwned-youre-not-going-to-sea/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pentestpartners.com/security-b</span><span class="invisible">log/fire-detection-system-been-pwned-youre-not-going-to-sea/</span></a><br>&nbsp;<br><a href="https://infosec.exchange/tags/MaritimeCyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MaritimeCyberSecurity</span></a> <a href="https://infosec.exchange/tags/VulnerabilityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityResearch</span></a> <a href="https://infosec.exchange/tags/OTSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTSecurity</span></a> <a href="https://infosec.exchange/tags/FireDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FireDetection</span></a> <a href="https://infosec.exchange/tags/CyberRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberRisk</span></a></p>
The Linux Foundation<p>How is open source shaping financial services?<br>LF Research, FINOS, GitHub, and Scott Logic want your input!</p><p>💬 Take the 2025 State of Open Source in Financial Services Survey (~10 min)</p><p>🔗 <a href="https://www.research.net/r/RP3VQCV" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">research.net/r/RP3VQCV</span><span class="invisible"></span></a><br><a href="https://social.lfx.dev/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://social.lfx.dev/tags/Fintech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fintech</span></a> <a href="https://social.lfx.dev/tags/OSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSS</span></a> <a href="https://social.lfx.dev/tags/Finance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Finance</span></a> <a href="https://social.lfx.dev/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevOps</span></a> <a href="https://social.lfx.dev/tags/CyberRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberRisk</span></a></p>
Bryce Kunz<p>Mind-boggling stat: The average data breach can cost a company $4.8 MILLION! 🤯 Yet, many businesses are still "flying blind" when it comes to quantifying their cyber risk. Time to get those AI-powered dashboards. <a href="https://infosec.exchange/tags/CyberRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberRisk</span></a> <a href="https://infosec.exchange/tags/TechNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechNews</span></a><br><a href="https://archive.is/xggyX" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">archive.is/xggyX</span><span class="invisible"></span></a></p>
Marco Ciappelli🎙️✨:verified: :donor:<p>🎙️ In this On Location conversation recorded during <a href="https://infosec.exchange/tags/RSAC2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RSAC2025</span></a>, attorney, investor, and strategic advisor Yair Geva shares a global perspective shaped by years of legal counsel, venture investing, and deal-making across Israel, Europe, and the U.S.</p><p>Geva offers unique insight into how cybersecurity, AI, and mergers and acquisitions are not only intersecting — but actively reshaping the <a href="https://infosec.exchange/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tech</span></a> ecosystem.</p><p>🚀 New Conversation from <a href="https://infosec.exchange/tags/RSAC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RSAC</span></a> 2025: From Term Sheets to Trust — What Mergers and Acquisitions Trends Reveal About Cybersecurity’s Future</p><p>At RSA Conference 2025, Sean Martin, CISSP and Marco Ciappelli sat down with Yair Geva for a candid conversation about how cybersecurity risk is becoming a defining factor in mergers and acquisitions and much more.</p><p>🔐 What are buyers and investors really looking for today — and how does <a href="https://infosec.exchange/tags/cyberresilience" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberresilience</span></a> now play into deal-making and company valuations?</p><p>Find out how trust, transparency, and security are reshaping the future of mergers and acquisitions.</p><p>🎙️ Watch, listen, or read the full conversation here:<br>👉 <a href="https://www.itspmagazine.com/their-stories/from-term-sheets-to-trust-what-mergers-acquisitions-trends-reveal-about-cybersecuritys-future-an-on-location-rsac-conference-2025-conversation-with-yair-geva" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span 
class="ellipsis">itspmagazine.com/their-stories</span><span class="invisible">/from-term-sheets-to-trust-what-mergers-acquisitions-trends-reveal-about-cybersecuritys-future-an-on-location-rsac-conference-2025-conversation-with-yair-geva</span></a></p><p>🛰️ See all our RSAC 2025 coverage:<br>👉 <a href="https://www.itspmagazine.com/rsac25" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">itspmagazine.com/rsac25</span><span class="invisible"></span></a></p><p>🌟 Discover more On Location Conversations, Brand Stories, and Briefings:<br>👉 <a href="https://www.itspmagazine.com/brand-story" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">itspmagazine.com/brand-story</span><span class="invisible"></span></a></p><p>🎥🎙️ This is just one of the many incredible conversations we recorded On Location in San Francisco, as Sean Martin and Marco Ciappelli covered the event as official media partners for the 11th year in a row.</p><p>Stay tuned for more insights, stories, and real conversations from RSAC 2025!</p><p>🎤 Looking ahead:<br>If your company would like to share your story with our audiences On Location, we’re gearing up for Infosecurity Europe in June and Black Hat USA in August!<br>⚡ RSAC 2025 sold out fast — we expect the same for these next events.<br>🎯 Reserve your full sponsorship or conversation now: <a href="https://www.itspmagazine.com/purchase-programs" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">itspmagazine.com/purchase-prog</span><span class="invisible">rams</span></a></p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a 
href="https://infosec.exchange/tags/infosecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosecurity</span></a> <a href="https://infosec.exchange/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>technology</span></a> <a href="https://infosec.exchange/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tech</span></a> <a href="https://infosec.exchange/tags/society" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>society</span></a> <a href="https://infosec.exchange/tags/business" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>business</span></a> <a href="https://infosec.exchange/tags/mergersandacquisitions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mergersandacquisitions</span></a> <a href="https://infosec.exchange/tags/cyberrisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberrisk</span></a> <a href="https://infosec.exchange/tags/cyberresilience" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberresilience</span></a> <a href="https://infosec.exchange/tags/RSAC2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RSAC2025</span></a></p>
Mr Tech King<p>UK cyber trends: Phishing leads, ransomware doubles. While small biz boost defenses, fewer boards have cyber experts, making security investment harder. A risky gap? <a href="https://mastodon.social/tags/CyberRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberRisk</span></a> <a href="https://mastodon.social/tags/UKGov" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UKGov</span></a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechNews</span></a></p>
PolySécure NLF<p>🎙️ New <a href="https://social.polysecure.ca/tags/Cybers%C3%A9curit%C3%A9" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersécurité</span></a> Podcast: 2024 Retrospective with Vincent Groleau</p><p>3 hot topics analyzed:<br>• The CrowdStrike incident of the summer<br>• The impact of AI on security<br>• The post-pandemic evolution of the Cloud</p><p>An expert look at the challenges awaiting us in 2025 and the lessons to be learned from 2024.</p><p>🎧 Web: <a href="https://bit.ly/41TL7pt" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bit.ly/41TL7pt</span><span class="invisible"></span></a><br>🎧 Spotify: <a href="https://spoti.fi/4gCixh5" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">spoti.fi/4gCixh5</span><span class="invisible"></span></a><br>🎧 YouTube: <a href="https://bit.ly/4gDDCrj" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bit.ly/4gDDCrj</span><span class="invisible"></span></a> </p><p><a href="https://social.polysecure.ca/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.polysecure.ca/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tech</span></a> <a href="https://social.polysecure.ca/tags/Cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cloud</span></a> <a href="https://social.polysecure.ca/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://social.polysecure.ca/tags/CyberRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberRisk</span></a></p>
Wade Baker<p>Cyber risk is not evenly distributed across users in your workforce. In fact, it's very lopsided. A large majority of risk events in your organization probably tie back to a relatively small population of users.</p><p>The attached figures provide some stats supporting that statement:</p><p>- Just 1% of users are behind 44% of all clicked phishing emails. 5% of users are responsible for 83.4% of all clicks.</p><p>- 1% of users are behind 92% of all malware events! 5% of users are responsible for ALL malware events. The remaining 95% had a clean record.</p><p>I don't think the proper response to these statistics is to grab torches and pitchforks and go round up these users to purge them from among us. Rather, these results present an opportunity to have a big impact on risk reduction by doing a more focused/effective job of educating, incentivizing, and influencing the behavior we want to see among users.</p><p>Full report "Exposing Human Risk" from Mimecast and Cyentia Institute is available here (no reg req'd): <a href="https://assets.mimecast.com/api/public/content/mimecast-exposing-human-risk" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">assets.mimecast.com/api/public</span><span class="invisible">/content/mimecast-exposing-human-risk</span></a></p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/cyberrisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberrisk</span></a> <a href="https://infosec.exchange/tags/insiderthreat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>insiderthreat</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/phishing" 
class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>phishing</span></a></p>
Wade Baker<p>Which industries are hit hardest by ransomware?</p><p>Well, that depends on what you mean by "hit hardest." Do you mean which industries most often suffer ransomware attacks/incidents? Or which ones are the most impacted financially? </p><p>Regardless of which dimension is top of mind for you, I have good news: this chart from the Cyentia Institute's latest edition of the Information Risk Insights Study (sponsored by CISA) offers a view of both. It plots each sector according to the share of incidents and publicly-known losses over the last five years attributed to ransomware.</p><p>If frequency and losses were perfectly correlated, sectors would lie on or near the dashed line. In general, that’s not the pattern we see here. Instead, we see industries that are disproportionately impacted by ransomware relative to event frequency (e.g., Healthcare, Hospitality), while the opposite is true for others (e.g., Financial, Professional). A myriad of factors contribute to the placement of sectors in Figure 14, but the targeting strategy of ransomware gangs is likely a major driver among them. 
</p><p>So, back to the original question - does this sync with your expectations on ransomware-ravaged industries?</p><p>Link to download the study (no registration required): <a href="https://www.cyentia.com/iris-ransomware/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">cyentia.com/iris-ransomware/</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a> <a href="https://infosec.exchange/tags/cyberrisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberrisk</span></a> <a href="https://infosec.exchange/tags/cyberattacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberattacks</span></a> <a href="https://infosec.exchange/tags/incidents" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>incidents</span></a> <a href="https://infosec.exchange/tags/cyberresilience" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberresilience</span></a></p>