How Can Organizations Determine ‘Reasonable and Appropriate’ Safeguards To Provide ‘Adequate’ Protection of Sensitive Information?

Everybody involved in risk management in general, and specifically cybersecurity risk management, knows the textbook answer. The organization needs risk analysis that includes threat and vulnerability assessments. It needs to perform an assessment of its information and IT assets. It needs to select a comprehensive set of cybersecurity controls that addresses specific threat-vulnerability pairs (a process sometimes referred to as threat modeling). Said risk analysis should be cost-effective and manage risk at a level deemed acceptable by the organization.

From a practical perspective, this process is virtually impossible for many, if not most, healthcare organizations to perform. Most healthcare organizations lack actuarial-type information. Similarly, they lack insight into the likelihood that a threat source will successfully exploit one or more vulnerabilities. In the absence of specific cyber risk data, the potential cost of losses, and other important information, it is very difficult, if not impossible, to develop a valid business case for a specific cyber risk response plan.

Due to information asymmetry, most healthcare providers and organizations fall prey to fear, doubt and uncertainty. The ugly truth is that corporations spend an enormous amount of money on cybersecurity. The global cybersecurity market is estimated to be $175 billion in 2020 and will likely grow to $275B by 2026. Clearly more and more money is spent on cybersecurity each year, but the fundamental question still remains – are we getting any better? Unfortunately, the answer is no. In fact, our collective problems are getting worse.

Here is why. Most business owners, including those in healthcare, are afraid of cyberattacks. They don’t understand the cyber risk, but they are forced to do something about it. They are forced to deal with cybercriminals as well as potential fines and other consequences from various government agencies. In many cases, the governmental consequences are much harsher than the cyber attack itself. In this situation, many business owners purchase some sort of gadget, network solution, firewall, or software in order to protect themselves, in the false hope that this will do the trick. Unfortunately, most IT businesses do not tell their customers that more than a third (30%) of cyber attacks are so-called zero-day attacks. These are newly invented attacks, so even the best IT system has over a 30% failure rate. Most cyber attacks today are so-called file-less or sophisticated attacks that pass through outdated security systems. In other words, a lot of business owners fall prey to security theater.

I can’t stress it enough: organizations need to better understand their own cyber risk as well as the risk they inherit from their clients and from the business associates who provide ancillary services to them. Cybersecurity is not about better devices. These are only tools. As the old adage goes, “the fool with the tool is still a fool”. We live in an interconnected cyber world now. This high degree of interconnectedness across the globe is our major opportunity as well as a challenge. It is a big opportunity because we can collectively leverage our resources to provide better services, but it is also the greatest challenge because the high degree of interconnectedness across numerous companies can rapidly lead to a contagion effect, where problems in one company may quickly spread to its counterparts and even to an entire industry sector.

Companies that truly care and wish to protect their assets and grow in cyberspace need to understand this interconnected cyber risk and devise a plan of action accordingly.

The Corax team has developed an enterprise-level cyber risk management platform that helps executives and other decision-makers in your organization understand and prioritize the cyber risk affecting your organization in a standardized manner. The Corax Cyber 360 platform provides the needed fundamental and holistic change in the way the healthcare industry manages cybersecurity and information and privacy-related risk. If you are new to cyber risk management, Corax Cyber 360 will help you build your Enterprise-level Cyber Risk Management/Optimization program. If you already have a system, Corax Cyber 360 will help you fortify the existing system, making it more reliable, measurable, and consistent.

Corax Cyber 360 is an Artificial Intelligence-based platform that contains information on more than 10 million interconnected businesses and companies worldwide. It also contains information on most healthcare providers and hospitals in the United States and worldwide. What does that mean for our clients? Faster performance, improved accuracy, better knowledge, and most importantly invaluable cyber risk insight. 

What really sets the Corax Cyber 360 platform apart is its ability to model the interconnected cyber risk that a given healthcare organization faces and to translate nebulous digital risk into the monetary losses associated with a potential cyber event. The Corax Cyber platform allows users to calculate the return on security investment. This is a major competitive advantage. The Corax Cyber team has helped corporations to “remove” $175 Billion worth of corporate risk from their balance sheets worldwide.

The platform has been used by numerous insurance carriers to identify and quantify the cyber risk of their clients and the potential financial impact of a cyber event. They use the cyber insight provided by the Corax Cyber platform to underwrite their policies. Hence, the technique and methodology are well-established and validated by the insurance industry.

Corax Cyber 360 does the heavy lifting for the customer. It offers healthcare providers access to sophisticated cyber risk insight that includes:

  1. Fully automated and customizable cyber-security threat and vulnerability assessment of your organization and your business associates. 
  2. The system generates a list of recommendations on how to improve your cyber-security so the risk management team can make risk-based decisions and allocate resources appropriately.  
  3. The system calculates the likelihood that a cyber event will happen.   
  4. The system provides actuarial data and models potential monetary losses. 
  5. The system enables you to see how your organization compares in your industry against your peers or competitors.  
  6. With access to Corax Cyber risk intelligence information, healthcare organizations will be able to quickly and precisely select the most appropriate actions to protect their organization, allocate only resources that are absolutely necessary and will bring the most return on security investment, and minimize wasteful spending. 
  7. It will also minimize liability and potential monetary losses to their organization and its directors and officers.

We believe the Corax Cyber 360 platform will provide a significant competitive advantage to healthcare organizations that adopt novel probabilistic modeling and prediction and avoid the false security of questionnaire-based risk management systems or of relying solely on IT controls.