[BreachExchange] Shift your perspective on cybercrime to realize how well you’re doing

Tue Mar 21 18:55:37 EDT 2017

http://www.csoonline.com/article/3183456/leadership-management/shift-your-
perspective-on-cybercrime-to-realize-how-well-you-re-doing.html

A report recently surfaced placing the global impact of cybercrime at a
staggering $450B. Naturally, it pressed on the tender wound and supplied
further evidence that we are woefully unprepared, globally, to tackle such
a complex challenge.

In 2016 "cybercrime cost the global economy over $450 billion, over 2
billion personal records were stolen and in the U.S. alone over 100 million
Americans had their medical records stolen," said Steve Langan, chief
executive at Hiscox Insurance, told CNBC. "This is an epidemic of
cybercrime, and yet 53 percent of businesses in the U.S., U.K. and Germany
were just ill-prepared."

It stokes an emotional response that we simply are not doing enough. It
fits the trend of negative news and reinforces the notion that we must do
more.

But what if we’re looking at the numbers the wrong way?

Absolute numbers make an impressive point

Stating an absolute number of $450B is designed to suggest a seriousness of
the situation. It is a number so large we can’t really fathom it. What we
know is that it’s big. And a number this big connected to cybercrime can
only mean that we have a problem.

Right?

What if we used a percentage instead of an absolute number?

I read the headline and the blurb above. Then I asked how large the global
economy is. Specifically, I asked Google. Roughly 20 seconds later, I found
the answer in wikipedia:

"In 2014, according to the CIA's World Factbook, the GWP totalled
approximately US$107.5 trillion in terms of purchasing power parity (PPP),
and around US$78.28 trillion in nominal terms."

There are more questions about how the data for these numbers is sources,
compiled, and validated. Good questions for another time. For now, set
those aside.

Focus on what happens when we consider the reported impact of cybercrime in
the context of the global economy. Turns out that $450 billion of $78
trillion is only 0.0057 or 0.57%.

It’s roughly half a percent.

By way of comparison, retailers celebrate when global shrinkage (a fancy
way to describe theft) is held to 1.38%.

How do you feel now about 0.57%?

Keep the numbers small for greater impact

Everyone knows we only get 24 hours in a day. Without looking it up, do you
know how many minutes that is? How many seconds are in a day?

While we know there are 60 minutes in an hour and 60 seconds in a minute,
we don’t generally consider our days more than by the hour. Specific
meetings or events, perhaps. Overall, we tend to use the scale that makes
it easier to manage mentally.

How does 0.57% translate, then, in terms of time in our day?

The percentage is small, but what does it mean?

There are 24 hours in a day, which is 1440 minutes, and 86,400 seconds.
Losing 0.57% of the day works out to 0.1368 hours, 8.208 minutes, or 492.48
seconds. Even here, the scale is a bit awkward. We tend to think in terms
of hours, seconds, and minutes.

But let’s put this into perspective. If we lose 492.48 seconds over the
course of the day, that works out to 20.52 seconds each hour. It took me
that long to figure out the value of the global economy.

Once you size it that way, how big a deal is it?

Shift your perspective and keep up the good work

The article presented the global impact of cybercrime as a problem
demanding immediate attention. It played into a common bias that other
people don’t understand and aren’t doing enough. Armed with a staggering
number and dire-sounding predictions, it causes alarm intended to create
action.

By shifting our perspective, we find that the problem is less than half a
percent of our global economy. While an attack on any individual business
is potentially devastating, this is hardly a problem demanding urgent
action.

In the case of cybercrime, it means we’re doing good. The hours you and
your team invest are paying off. Collectively, we’re making a difference.
And that’s a reason to take a moment and celebrate.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170321/5d283997/attachment.html>