The Cost of Misjudging Cyber Risk

In cybersecurity, what you don’t know can absolutely hurt you.

Organizations often assess cyber risk using incomplete information or flawed assumptions. They may focus narrowly on headline threats like phishing or ransomware while overlooking system interdependencies, third-party exposures, or unpatched legacy tech. Worse, many rely on generic risk ratings or compliance checklists that provide little insight into how likely a specific event is—or how much it would cost.

The result? Ineffective spending and avoidable losses.

In 2023, the average cost of a healthcare data breach reached $10.93 million, the highest of any industry for the 13th year in a row [1]. Yet many organizations still invest heavily in security tools without understanding which risks those tools actually mitigate—or fail to. A 2022 Ponemon report found that 51% of surveyed IT leaders said their cybersecurity budget decisions were not based on formal risk assessments [2].

Misunderstanding the sources of risk is just as damaging as underestimating their magnitude. For example, many hospitals invest in perimeter defense while leaving internal systems (like radiology workstations or PACS servers) vulnerable. Meanwhile, increasing digitization, remote access, and integration with third-party vendors have expanded the attack surface beyond what most standard assessments can capture.

This is where a more nuanced, data-driven approach pays off.

At Jourdain Risk Group, we apply probabilistic modeling tools—including Bayesian networks and copulas—to understand not just individual risks, but how they interact. We combine these methods with the FAIR framework to generate dollar-based, decision-ready insights that help clients prioritize mitigation based on real-world exposures.

Failing to understand cyber risk is expensive. Over- or under-spending and misallocating your defense budget? That’s even worse.

Smarter modeling means fewer surprises, better investments—and ultimately, better protection for your patients, your data, and your reputation.

Sources:
[1] IBM Security, Cost of a Data Breach Report 2023
[2] Ponemon Institute, Cybersecurity Risk in Healthcare 2022
