Basic web application attacks – the smash and grab technique favored by financially motivated cyber attackers -- may seem less threatening than supply chain attacks or other brainier methods. But think again. According to the 2023 Cybersecurity Risk Report just out from RiskLens, web application attacks are both the costliest and most frequent events an organization is likely to experience in a year of cybersecurity risk management.
The RiskLens report applies cyber risk quantification, FAIR™ (Factor Analysis of Information) risk-scenario simulations and data gathered from industry sources such as the Verizon DBIR to rank seven risk categories across nine industries to give a clearer picture than ever before of the actual impact of top cyber risks.
Often when applying cyber risk quantification models to industry data sources, there is only a one-dimensional perspective, a focus on only the most expensive events or the most frequent events. The RiskLens study ranks risks by average loss exposure (per risk scenario), a summary of how losses play out probabilistically over 10,000 simulated years, incorporating both the magnitude of the loss and the probability of the events. It’s a very useful measurement for CISOs or other security leaders looking to plan security budgets or buy cyber insurance over time.
Why Basic Web Application Attack Leads the Cyber Risk Categories List
The RiskLens report revealed that basic web application attack is both the relatively most probable and relatively most expensive type of cybersecurity risk management event, resulting in an average loss exposure figure of $5.1 million. That’s nearly twice the figure for a system intrusion attack event that could be more costly but less likely than a web application attack.
2023 RiskLens Cybersecurity Risk Report: Top 2 Industries for Basic Web Application Loss Exposure
More findings on web application attacks from the RiskLens 2023 Cybersecurity Risk Report and the Verizon DBIR:
- Among industry sectors, public administration faces the highest loss exposure from this attack form at $18.3 million. (RiskLens)
- Government agencies face a surprisingly high probability of web application attack in a year at 27.7%. (RiskLens)
- Over 80% of breaches initiated by web application attack can be attributed to stolen credentials. (Verizon)
- While risk categories others have had big jumps, no other pattern has seen quite the consistent growth over time as basic web application attacks have over the past five years in terms of incidents. (Verizon).
RiskLens offers quantitative cyber risk management solutions built on the FAIR™ standard. Leverage RiskLens to understand your cyber risks in financial terms. Contact us for a demo.