Results of our Poll on Cyber Warfare and Risk Based Decision Making Procedures.

Aug 3rd, 2011

We promised to publish the results of our Poll on Cyber Warfare and Risk Based Decision Making Procedures.  So here they are, for your information.

Hex dump of the Blaster worm that spread on computers running Windows XP and Windows 2000, during August 2003.

Results of our Poll on Cyber Warfare and Risk Based Decision Making Procedures.

Please note, all percentages are approximate, rounded up to the nearest 5%.

60% of the respondents use a well defined risk glossary. However, only 25% use well-defined risk assessment procedures and 40% expresses probabilities in non numeric ways (qualitative, indexes etc.).

Almost everyone declares to formally evaluate consequences of their decisions. Yet 50% do not formally evaluates cascading failures (dominoes effects, interdependent failures).

60% of the respondents define risk tolerance criteria to support their decisions, and almost everyone update their assessments by periodic reviews.

50% have a formal definition for Cyber Defence in their organization, and 75% of the respondent are concerned by possible Cyber impacts (attacks, warfare, etc.) to their organization. Accordingly, 75% believe their organization should strengthen their Cyber Defence scheme.

90% believe that information silos in their organization blur their vision, and almost everyone says that Cyber Defence programs should span across all their organization’s activities.

Now that you see the results spelled out in plain text, what are your reactions?

Tagged with: Analysis, Cyber Warfare, decision, Defence, holistic, management, operational, risk

Category: Consequences, Hazard, Mitigations, Probabilities, Risk analysis, Risk management