(Photo by Dollar Gill on Unsplash)
I asked participants to estimate the likelihood of the following events happening before the end of 2022.
- Finland enforces legislation to require ISO 27001 certifications from the largest essential service providers
- Cyber security accountability / leadership will be centralized in Finnish government (e.g. Cyber Ministry)
- Finland will be among the top three countries in the Estonian national cyber security index (2020: #1 Greece, #2 Czech, #3 Estonia - #8 Finland)
- A Finnish cyber security company (Revenue >10M€) will be acquired by a foreign company.
- A major cloud provider will have an interruption of service lasting 8 or more hours impacting many Finnish organization
- A Finnish company (other than Vastaamo) with over 100 employees will go out of business due to a cyber-attack
- Cyber-attack causes physical damage which leads to death(s)
- A Finnish company gets over 1 million EUR GDPR sanction
All 86 participants were experienced security and/or cybersecurity professionals and answers were given anonymously.
Finnish cyber security company acquired (4), major cloud service interruption (5) and cyber-attack forcing a company out of business (6) were predicted to be most probable. All three events average likelihood were between 60-70%. The least probable event was a cyber-attack causing deathly physical damage. Average and medium results didn't have big difference.
Interestingly almost all events got estimates from 0% to 100%. Only exceptions were Estonian national cyber security index result (3) which top estimate was 90% likelihood and cyber-attack forcing a company out of business (6) which lowest estimate was 10% likelihood. In short, security and cybersecurity estimates were all over the scale. Standard deviation was large - between 25 and 30.
This was not intended to be any serious study, but a fun survey of how Finnish security and cybersecurity professionals see the probability of some events in almost two years timeframe.
No comments:
Post a Comment