Shakedown Social

Wade BakerIs your organization now more or less likely to experience a significant <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> event than it was 10y ago?Well, that depends. Let's look at some data from Cyentia Institute's recent 2025 Information Risk Insights Study (IRIS).The chart below depicts the annualized incident probability for firms in each revenue tier. I won't go into the details here of how we modeled this, but the methodology appendix in the report does get into that (link below). And if you want even more detail, Joran Elias has an excellent blog post for Cyentia Institute members (free account). For now, just assume we've used many incidents over many years to model the probabilities you see here.From the chart, you can see why I say "that depends" to the lead question. The probability of a <$100M firm suffering a <a href="https://infosec.exchange/tags/securityincident" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securityincident</a> has more than doubled, while the chance of a $100B+ megacorporation having an event has dropped by a third over the same time frame. Meanwhile, incident probability for organizations in $1B to $100B range have remained relatively static.Unfortunately, our dataset is silent on the underlying factors behind these <a href="https://infosec.exchange/tags/cyberevent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cyberevent</a> trends, but we can engage in some informed speculation. And LinkedIn is the perfect platform for it. I'll start. To me, this chart hammers home Wendy Nather's concept of the security poverty line. Giant corporations with their giant budgets to hire the best people, buy the best technology, and implement the best processes, are finding success. But the pace of digitalization has outpaced SMBs’ ability to defend their growing attack surfaces and mitigate <a href="https://infosec.exchange/tags/cyberrisk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cyberrisk</a> .I have many other thoughts regarding the factors underlying what we see here, but I'd rather hear from you. What do you see as key contributors?**** Get the IRIS 2025 here: <a href="https://www.cyentia.com/iris2025/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.cyentia.com/iris2025/</a>You'll have the option to just download it or get it or join Cyentia's free membership program for the report plus a bunch of bonus analytical content.

BSidesAugusta🔒 Honoring @Fox_Pick again for making <a href="https://infosec.exchange/tags/BSidesAugusta" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BSidesAugusta</a> exciting, educational, and interactive. Lock pick battles await! <a href="https://infosec.exchange/tags/LockPickVillage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LockPickVillage</a> <a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RedTeam</a> <a href="https://infosec.exchange/tags/CyberEvent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberEvent</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a>

Recent searches

Search options

Administered by:

Server stats:

#cyberevent