Authors: Taylor Reynolds, Sarah Scheffler, Daniel J. Weitzner, Angelina Wu

Published on: February 06, 2024

Impact Score: 8.38

Arxiv code: Arxiv:2402.04166

Summary

• What is new: Introduces a framework leveraging privacy enhancing technologies (PETs) to benchmark cyber posture and estimate cyber risk in a way that has not been possible before due to data sensitivity.
• Why this is important: Organizations struggle to estimate their cyber risk exposure and compare their security to peers due to the lack of shared industry-wide security data.
• What the research proposes: A new framework that uses cryptographic computing to securely compute aggregate cyber risk metrics, enabling organizations to assess risks and compare with peers without disclosing sensitive data.
• Results: Applied the framework to 25 large firms in a specific sector, successfully estimating individual risk exposures and allowing private comparison of security posture among them.

Technical Details

Technological frameworks used: Privacy enhancing technologies (PETs), cryptographic computing for aggregate data computation.

Models used: Defense Gap Index model for benchmarking cyber posture and estimating cyber risk.

Data used: Data collected from 25 large firms in partnership with an industry ISAO.

Potential Impact

Cybersecurity industry, especially services focused on risk assessment and mitigation; companies in highly regulated sectors like finance and healthcare could benefit significantly.

Want to implement this idea in a business?

We have generated a startup concept here: SecureRisk Analytics.