As part of our series on Integrated, Digital Risk Modeling (IDRM) we now explore Inside-Out Risk Modeling.
Medical researchers from Stanford recently reported on the promise of continuous health monitoring to identify early signs of cancer and other diseases so they can be prevented or treated before they become serious threats.
Emerging medical technologies include contact lenses that continuously screen for glaucoma, cardiac monitors that automatically report arrhythmia, and implanted sensors that detect biomarkers associated with cancer.
Meanwhile, in the realm of risk management, new technology-based techniques enable enterprises to continuously monitor cybersecurity, data privacy, compliance, and other risks.
The need for better cybersecurity, for one, is well-documented: 2021 was a record-breaking year for data breaches. Targets included Facebook, LinkedIn, Microsoft, Accenture, and T-Mobile. Last year, more than one in three global organizations were victims of a ransomware attacks, which increasingly target supply chains.
Unfortunately, companies’ defenses haven’t kept up with these increasingly sophisticated attacks — in part because monitoring is too general and imprecise to detect specific trouble before it advances and wreaks havoc.
Company-Specific Risk Assessment
The Stanford researchers point out that standardized health evaluations are designed for large populations, so they cannot predict an individual’s predisposition for disease. In the same way, cyber risk assessment approaches based on little more than industry type and revenue range fail to show specifically what’s happening in your organization — in your networks, supply chains, operations, governance, and compliance — leaving you blind to vulnerabilities.
However, emerging technologies and processes are replacing this type of “outside-in” risk assessment with an “inside-out” approach that uses your enterprise’s unique operational data, risk appetite, and strategic dynamics to continuously and precisely monitor, measure, quantify, and predict risk exposure.
This customized method generates organization-specific insights that are instantly actionable and which cannot be achieved by the more common practice of relying on general industry information.
It becomes even more compelling when these organization-specific enterprise risk insights are coupled with:
- Customized industry risk benchmarks adjusted to take into account industry type, company size (not range), risk appetite, data assets, strategic objectives, and other factors.
- The ability to quantify the financial impact, remediation cost, and annual loss expectancy of each factor of risk across an enterprise.
This creates bespoke, accurate intelligence that enables your organization to compare the severity of one risk to another, set priorities, allocate resources effectively, and create data-driven remediation plans.
The Benefit of Continuous Monitoring
The Stanford doctors note that medical screening tests typically are administered every one to 10 years, leaving time for tumors to emerge and advance to the clinical stage before the next screening. The same thing happens with cyber risk assessments — they typically reflect the position at a moment in time and, in these rapidly evolving times, are quickly out of date. In fact, the results often are out of date before they are compiled and reported — leaving companies unaware of threats that emerge before the next review occurs or until they escalate, out of view, into full-blown crises.
Inside-out risk monitoring is similar to diabetic patients checking their blood glucose. It provides a real-time view of precisely what’s happening within the system — IT systems or supply chains or governance rather than the human body — so that prompt, preventive action can be taken before problems escalate.
For more on inside-out risk modeling, watch this short video featuring Phil Quade, former Chief Information Security Officer (CISO) for a major cyber security company, long-time officer in the National Security Agency, and a member of the OptimEyes.ai Advisory Board.
This is part of a series on the benefits of Integrated, Digital Risk Modeling. Previous installments include: