MIT Research Documents Effectiveness of Consensus Cyber Risk Oversight Principles
Geneva, Switzerland/Nov. 16 — As the World Economic Forum’s annual
Cybersecurity Summit concluded today, research conducted by MIT
Cybersecurity at MIT Sloan (MIT CAMS) found that the cyber risk
oversight principles (consensus principles) developed by the Forum in
conjunction with the Internet Security Alliance (ISA) and the National
Association of Corporate Directors (NACD) “demonstrates that
organizations that use the consensus principles can significantly
improve their cyber resilience without raising costs.”
The MIT research used a grounded control theory and system dynamics
model built on significant research in the field, including interviews with
CISOs, which have been validated over the years at a Fortune 500 company
analyzing a wide range of cyber risk challenges. MIT CAMS used a
simulation-aided approach to understand organizational behavior when
adopting the consensus Cyber Risk Principles.
The research used a scientifically grounded simulation methodology to
explore the behavior of CEOs who followed the traditional model and
compared it to that of an aware CEO who followed the consensus
principles. The research found “a significant difference when comparing
the strength of defensive posture represented by the number of
cybersecurity incidents and compromised assets. The CEO who follows the
principles is predicted to have 85% fewer incidents.”
Moreover, a CEO who followed the principles was more “cyber
conscious,” went further to foster resilience, was proactive in
anticipating cyber threats, knew how their technology drives their
business, and focused on maintaining business performance.
ISA President Larry Clinton noted that this study was the second
independent verification that the Principles improve organizational
cybersecurity, citing the previous PwC research, which also found that
organizations using these principles had better cyber risk management,
closer alignment between cyber and overall mission goals, and a stronger
culture of security.
“I’m not aware of any of the set of best practices, regulations or
frameworks that has been independently assessed and verified using
multiple independent methodologies as have these core principles,”
Clinton said.
An abstract of the study based on NACD reporting can be found here https://isalliance.org/?p=12291.