Romy Ravines PhD has more than 20 years of experience in Business Consulting based on Advanced Analytics. She is skilled in transforming data into actionable knowledge for decision-making. Her fields of expertise include Machine Learning, Artificial Intelligence, Business Intelligence, Econometrics, and Bayesian Statistics. Dr. Sc. in Statistics from Federal University of Rio de Janeiro (UFRJ, Brazil), author of articles in scientific journals, and lecturer at universities and Business Schools. She is currently the Bayesian Modeling Specialist in DeNexus.
Cyberthreats, as well as the cybersecurity industry, have grown rapidly hand in hand. When you consider that the entire industrial world is dependent on information technology and operational technology solutions, it is not a challenge to understand why. Ransomware targeting critical infrastructure, covert spyware or network failures caused by human error all have a serious impact on an industrial enterprise’s bottom line at various time horizons. This is the definition of cyber risk and defending against it is big business. But what good is a defense without the knowledge of the risk event’s impact? Do we know how cyber risks will affect our operation? How much risk exposure is our business holding at any one time? Quantifying cyber risk is hard. Cyber risk is dynamic, volatile, and contrary to other sources of risk, cyber risk is subject to human factors ranging, such as motive. Without understanding cyber risk in terms of probabilities and financial terms, no organization can truly mitigate the impact to their business that emerging cyberthreats can pose to their bottom-line, to their employees and shareholders, or even regional laws. Therefore, true cyber risk quantification with real-time evidence-based data is needed. Just as information technology and risk modeling have armed the economy with new measures of efficiency, they should also be used to manage cyber risk.