Cybersecurity involves everyday decisions about balancing costs that influence defensive outcomes—where to focus resources, which threats pose the most critical impact, and which mitigations must be deployed before others. Problems abound in this endeavor. Cost is not just monetary; resources are finite and scarce. Consequently, cybersecurity decisions are in danger of suboptimal outcomes and missed opportunities.
In theory, decisions should be made relative to the expected returns on each option. For example, will backups protect against the expected losses from ransomware? Other alternatives are, by necessity, not pursued. The calculation of ROI (return on investment) determines the value of a particular choice but ignores what might have been.
No entries found