Insights & White Papers

Communicating Cyber Risks to the Board

By Cybersecurity Group


Cybersecurity risk oversight is a major focus for boards and one that will remain front and center on their agendas. In recent years, boards have often underestimated cybersecurity risks, resulting in large breaches with significant costs despite significant investments in defensive technologies.

The value of a comparative metric for investment decision-making

Cybersecurity risk oversight is a major – and ever-increasing – role for boards of directors, and one that is front and center on their agendas. Assessing whether the level of risk is acceptable is central to this, and poses challenges. In recent years, boards have often underestimated cybersecurity risks, with resulting large breaches with significant costs. Looking ahead, it is helpful to examine the reasons for this underestimation, and to identify steps to improve cyber risk assessment.

Experience at Cybeta, a Liberty Advisor Group Company, indicates that two key factors are at play. First, there remains a lack of cybersecurity expertise at board level. Many recent drivers of risk have outpaced board members’ levels of understanding, because technology and cybersecurity expertise is usually outside of their core fields of expertise. Second, cybersecurity professionals have done a poor job of communicating risk to the board. In this complex and fast-moving environment, it is all too easy for cyber experts to rely on technical jargon that confuses people without a background in cybersecurity. Instead, there is a need for a widely accepted and understood metric to evaluate cyber risk at the board level and beyond.

To meet this need, we created Threat Beta™, a comparative metric derived using proprietary methods, and including three primary analytic modules:

  1. Threat Surface: How extensive is your company’s presence on the Internet?
  2. Weighted Vulnerability Record: How does your company’s vulnerability compare with that of your competitors, and with all companies? How do your technologies compare with theirs, and with the state of the art?
  3. Attack Likelihood: Based on advanced indications and warnings on emerging cyber-attacks, what is your company’s chance of falling victim?

These three elements are all considered and then augmented with deep and dark web content to create a ThreatBeta™ score which is straightforward to communicate to board members.

This augmentation with deep and dark web content ensures that ThreatBeta™ takes full account of global activity against technologies by malevolent actors, quantifying their offensive threat capability, rather than simply focusing on your company’s defensive security set-up.

Updates to the ThreatBeta™ risk score based on the global landscape can be derived on a weekly basis to see how the core risk to the company is evolving. Board members can be given more detailed analytical briefings by their cyber teams and everyone can see the underlying drivers of ThreatBeta™ score trends – which may be increasing due to no fault of the company – helping inform appropriate investment decision-making to mediate cyber risks.

Cybersecurity risk oversight is a major focus for boards and one that will remain front and center on their agendas.  Looking ahead, ThreatBeta™ enables companies to remove any uncalculated risk and to identify steps to improve cyber quantification for boards of directors.

About Liberty Advisor Group

Liberty Advisor Group is a goal-oriented, client-focused and results-driven consulting firm. We are a lean, handpicked team of strategists, technologists and entrepreneurs – battle-tested experts with a steadfast, start-up attitude.  In 2019 Liberty Advisor Group announced the launch of Cybeta™, a suite of intelligence products and services designed to help keep your business off the Cyber X.  The product suite is tested and proven to predict future breaches and will give you the business threat intelligence needed to outpace your competition in the cybersecurity battle.  Cybeta was built by US intelligence-trained experts that have gained their skills from decades of experience at the DoD and U.S. National Intelligence communities.  In 2020, Liberty has been named to the 2020 Best Places to Work in Chicago and a Great Place to Work.

By Cybersecurity Group