Posts Tagged ‘Cyber’

Cyber Effectiveness and the CED KPI

Thursday, November 22nd, 2018

Cyber effectiveness and the CED KPI - the Cyber Event Days Key Performance Indicator - are inextricably linked with one another.

Improving one improves the other - CED improvements result in better cyber effectiveness.

In fact, it is Cyber Event Days - the KPI - which reveals the diagnostic of what to do next to improve the effectiveness of Cyber programs, but only if you know what to look for and how to use it.

  • For some, CED KPI measures are in the low single digits.
  • For others CED measures are in the tens-of-thousands.
  • But for most, CED measures fall between the two extremes.

So what is this CED (Cyber Event Days) KPI?


The Top 15 Cyber Spending Countries

Wednesday, October 3rd, 2018

Do you know which are the top 15 Cyber Spending Countries of the world?

We did not know the answer to the question prior to completing our most recent research.

But now we know.

And we have to say we are a bit surprised at some of the answers.

We are especially in awe of the differences in spend on cyber by Country.

But it is not just spend by country that is instructive to look at, it is also spend by region of the world that is illuminating.

Some of our findings from our most recent cyber spend research include the following:


Cyber’s ESD Operating Model – Balancing Risk-Reward for the Digital Value Chain

Thursday, June 28th, 2018

Cyber's ESD Operating Model (Eco Stack Defense) is a balancing act – with real world consequences – played out every day by organizations around the world.

For enterprises with the least effective cyber security results, the ESD Eco Stack is an unknown, unseen and unused operating model. For those with the most effective results, Cyber's ESD is standard operating procedure.

Where do you fit?

Wellington’s ongoing research reveals global population breakouts of 20 percent at the bottom, 68 percent in the middle, and 12 percent at the top, going from least to most cyber effective.

Whether you are in the bottom, in the middle, or at the top, understanding and improving your ESD Eco Stack effectiveness is the same thing as becoming more cyber effective.

Read further to discover what Cyber’s ESD Eco Stack is, why it’s important, and what you should consider doing about it.


Cyber’s CDA Operating Model – Both Ends Against the Middle

Friday, June 15th, 2018

For Cyber security, Cyber's CDA Operating Model is, in practice, both ends operating against the middle.

Both ends of CDA are focused on one thing, and one thing only: appropriate controls to manage the risk of using digital.

In the case of CDA, one of its ends consists of all the activities focused on prevention, while those at the other end are focused on improvement.

Stuck in the middle are all the activities focused on detection.

The effectiveness of any enterprise cyber program is measured by how quickly the turn-around time is from one end of CDA to the other end.

Reducing this time close to zero – which can be approached but, like any asymptote, is impossible to achieve – is a sine qua non for cyber security.

Effective cyber security managers do CDA better than others, and those who keep the dance between its two ends in harmony are among industry leaders.


Lots and Lots of Cyber Security Companies

Sunday, June 3rd, 2018

There are lots and lots of cyber security companies.

Did I say there are lots of them?

We are compiling data on cyber security companies, and we recently passed more than 800 such companies. We are still counting.

The more we dig into this segment of the digital landscape, the more we find unseen numbers of cyber security companies around the world. Locating one or two leads to finding another five to ten cyber security companies we had not seen before.

As we continue to survey the number of companies delivering cyber security services, products, subscriptions and managed - fixed fee - services, we are amassing troves of information.

For example, we've found the following:

  • 10 percent of cyber security companies are pure startups with fewer than 10 employees and less than $1 million in revenue
  • Another 10 percent of cyber security companies are established companies with more than 1,000 employees and more than $250 million in revenue
  • The other 80 percent of cyber security companies fall somewhere between these two with between 10 employees and 1,000, and between $1 million and $250 million in revenue


Cyber Security Operating Models and Cyber Effectiveness

Monday, May 21st, 2018

Cyber Security Operating Models and Cyber Effectiveness.

Operating Models for Cyber Security

An operating model involves all the resources available to an organization to operate: it is used to express how companies deliver value to stakeholders and customers, its beneficiaries, and how organizations are structured to operate day-to-day.

As such, operating models are an expression of the effectiveness and efficiency of the use and allocation of resources to achieve stated aims and objectives.

When it comes to cyber security the common aims and objectives often include:

  • Keeping the name of the CEO and the company out of the limelight for having been 'compromised'
  • Staying ahead of the attacks and vulnerabilities to achieve the above
  • Engaging risk-appropriate controls to accelerate digital transformation projects

These are a few of the common objectives for cyber security.

Others are those normally associated with its measures, such as rates of patches applied, numbers of data loss/compromise events, and number of unresolved cyber event sequences among others.


2018 Cyber Security Spend Report

Monday, May 7th, 2018

Wellington Research's 2018 Cyber Security Spend Report is now available.

Featuring global market spend for all things cyber, the report covers aggregate spending on cyber security from now through 2022.

In addition, the report covers the allocation of spend on cyber across its many different procedures that are more or less automated by security products and services. Furthermore, the report covers the allocation of spend up and down the enterprise Eco-stacks, from spending on cyber for end-to-end value chain business processes to spending on cyber for digital infrastructures.

The 2018 Cyber Security Spend Report delivers a look at current market spend white spaces and discusses some of the factors influencing spend - going forward - for cyber security from our ongoing research.

Security and the IoT – What are the Treatment Options

Thursday, February 18th, 2016

Security and the IoT - What are the Treatment Options?

What are the digital risk treatment options?

We can mitigate the risk by using cyber security controls to manage the business risk of using digital.

We can transfer the risk of using digital to a third party via an insurance policy, and we often use this as a backstop for catastrophic loss.

We could stop doing what we do, but it's very unlikely we'll stop using digital, so we'll always be in the position of mitigating the risks that come with using digital.

Alternatively we can ignore the risks of using digital because we opt to self insure ourselves against its loss consequences.

For some categories this is the correct medicine: it's not worth spending the money on cyber mitigations to treat digital risks.

But our reflexive posture is to do "cyber security" to mitigate digital risk.

When it comes to the oncoming rush of interconnected devices of the IoT we'll likely be using all four options - stop doing what we do, transferring risk, self-insuring, and mitigating - to treat risk from the uses of digital.

Let's find out more.


Overcoming the Snowflake-Effect for Cyber and Compliance

Friday, November 2nd, 2012

We need to overcome the snowflake-effect for Cyber and Compliance, and stop thinking the industry within which our company competes is unique and different from all other industries.

The snowflake-effect makes us believe that we - and our industry - are unique in the world of (name the industry: advertising, automotive, banking, education, government agency, healthcare, medical devices, telecommunications, waste services).

Once we buy into the snowflake-effect, we buy into the next step in a journey of excuses when it comes to the governance of cyber: that because of our uniqueness, we cannot learn from others about what's working.

Short of being a member of an "ISAC" (Information sharing and analysis center, which by the way are all industry-focused) there is little in the way of lifting ourselves out of the snowflake-effect.

Unfortunately, snowflakes exist in every industry and are not limited to financial services, insurance, utilities, or retail among many others. And truth be told the business problems and opportunities in each industry are somewhat unique.