Consortium of Leading Cyber Technology and Insurance Providers Announce the Launch of SafeHouseInitiative.org
January 17, 2023
No Comments
This is a companion blog to the “The SafeHouse” podcast dated January 17, 2025. The conversation, led by Jeff Edwards and featuring Wade Baker, co-founder of the Cyentia Institute, and his significant contributions to understanding cyber risk through data-driven research
Listen to the original podcast here: https://safehouseinitiative.org/data-driven-research-approach-to-cyber-risk-with-wade-baker/
Wade Baker’s path to becoming a leading figure in cybersecurity was anything but conventional. Initially, he aspired to be a professional baseball player, attending college on a baseball scholarship. However, as he candidly shares, “I realized that I wasn’t fast enough and didn’t have a good enough arm.” This realization led him back to his passion for technology, which he had always considered a hobby.
Starting as a system administrator, Wade’s career evolved as he pursued a PhD in Information Technology at Virginia Tech. He discovered a passion for data analysis and cybersecurity, which laid the foundation for his future endeavors.
Wade’s experience at Verizon, where he contributed to the first Verizon Data Breach Investigations Report (DBIR), was pivotal. He describes this time as a critical turning point: “It was the first time the industry had really seen forensic-level analysis publicly available.” This groundbreaking work allowed organizations to understand security incidents better and manage risks more effectively.
After several years at Verizon, Wade and his colleague Jay Jacobs founded the Cyentia Institute. Their goal was clear: to analyze complex cybersecurity data sets and provide actionable insights to the security community. “We love taking large, nasty complex security data sets and seeing what we can learn from them,” Wade explains.
Over the years, the questions surrounding cyber risk have evolved significantly. Wade recalls the early days of the DBIR when external threat actors accounted for over 90% of incidents. “I remember people just livid about that,” he says, illustrating the strong opinions held in the industry about insider threats versus external risks.
As the landscape has changed, so too has the data available for analysis. Wade notes, “Today, there’s plenty of data out there on all kinds of factors that you want to know about on Cyber risk. Now, the challenge lies not in finding data but in sifting through it to make sense of it all.”
Wade emphasizes the importance of empirical data in making informed cybersecurity decisions. He encourages organizations to identify the key questions they want answered and measure the effectiveness of their practices. “Identify the questions that you want answered,” he advises. “We think you can manage risk better when you know all the details.”
One of the notable projects from the Cyentia Institute is the Information Risk Insights Study (IRIS), which analyzes publicly available incident data. This study helps organizations understand the probability of experiencing security incidents and the associated costs, enabling better risk management strategies.
Wade reflects on the challenges of managing risks in today’s digital landscape. “We are at this point in our industry, and we don’t have basic measures of effectiveness for common things that we call best practices,” he says, highlighting the need for organizations to challenge service providers and vendors to provide meaningful data points.
Moreover, Wade points out that many organizations still lack a clear understanding of the financial impact of their cybersecurity risks. “Without risk quantification, cybersecurity investments are reduced to mere compliance exercises,” he cautions.
As we wrap up this discussion, Wade encourages security professionals to embrace the wealth of data available and use it to drive informed decision-making. “Challenge yourselves and if you’re working with service providers and vendors, challenge them to start getting these data points together,” he concludes.
In a world where cyber threats are ever evolving, the insights shared by Wade Baker provide invaluable guidance for organizations looking to enhance their cybersecurity posture. By leveraging data effectively, we can illuminate the complexities of cyber risk and empower ourselves to navigate the digital landscape with confidence.
Stay tuned for more insights and stories from industry experts to help navigate the complexities of cybersecurity. For more information and resources, feel free to visit the SafeHouse Initiative website: https://safehouseinitiative.org/.
