Cyber strategist Pete Lindstrom maintained in an article on CSO that cybersecurity risk is constantly changing in a way analogous to the probability odds in a March Madness tournament. Observing the constant data-analysis on the 538 March Madness prediction website throughout the games, seeing each team’s chance of success swing wildly back and forth game by game, Lindstrom likened it to the way “cybersecurity risk is changing in real-time as we identify new vulnerabilities and attacks, but also when we add or remove users, implement or retire systems, or simply use existing systems more.” He goes on to defend cyber risk quantification, suggesting that “with data-oriented analyses, not only can we provide predictions, but we can evaluate those predictions over time using well-established methods.”
