Study Finds Surprising Similarities Between Cyber-Risk and Problem Gambling

Company officials who neglect email security -- a corporation’s greatest cyber vulnerability -- would fare extremely poorly if they brought the same approach to the poker table, according to new research that draws parallels between cybersecurity and the infamous high-stakes game.

The risks of failing to implement proper email security seriously outweigh any benefits, according to the 'Odds of a Bad Bet' report by Wire. Enlisting the help of a poker champion and various cybersecurity experts, researchers assessed the odds of falling prey to cyberattack, the business cost of such an account, and the 'best bet' of future-proofing against an attack.

A notable, but not very surprising, finding is that a company’s weakest links are its email and its people. An employee is three times more likely to infect a colleague with a malicious email than they are to spread the flu to their partner, the report says. Employees are also extremely bad at spotting phishing emails – their chances of spotting one are about as slim as hitting a specific number on the roulette wheel.

“Email offers the most significant access point for criminals by exploiting a human fallibility -- the inability to spot malicious emails. Just as with gambling, the outcomes are influenced by people and their judgement. The fact that employees are unable to discern malicious emails from safe ones, points to the inherent vulnerability of email,” the report’s authors said.

Other interesting parallels between real-life scenarios and the business world include:

• The chances of your business avoiding a malware attack are as low as the chance of pulling the Ace of Spades from a shuffled deck
• A company has a 50% chance of suffering a costly DoS (denial of service) attack -- effectively the same as the flip of a coin
• A company is over 10 times more likely to suffer a week of downtime from a ransomware attack than you are to suffer a house fire
• Your business is five times more likely to suffer a debilitating ransomware attack than you are to be involved in a car accident
• The chances of your business suffering a costly ransomware attack are the same as a hurricane hitting Florida next year
• You're almost as likely to go out of business due to a cyber-attack as your startup is to fail because it didn't get the next round of funding

To see businesses fail to prioritize cybersecurity is “akin to the behavior of a delusional problem gambler,” said Liv Boeree, poker champion and contributor to the report.

Switching gears, researchers used the same methodology to identify the 'best bet' of future-proofing against an attack. Two examples are given:

• The average ROI for future-proofing your business with end-to-end encryption is twice as high as investing in the S&P 500
• Cyber-security costs are rising so fast that waiting another year to invest in cyber-security is the same as letting 10 years' worth of inflation erode the value of your cash

Recent studies on the state of cybersecurity in the business world have found similar results. A recent report by insurance giant AIG reveals that Business Email Compromise (BEC) is a new leader in the list of top threats causing losses for businesses. In BEC scams, attackers use social engineering tactics to trick victims into wiring money to an address controlled by the attacker. For example, after compromising an executive’s credentials, they use their email account to demand a money transfer in their name from the finance department. Other times, attackers impersonate foreign suppliers requesting fund transfers for payments.