
Everything About Your Cyber Risk Assessment Is Wrong
From Trust vs. by HITRUST Alliance
August 28, 2025 · 31 min · Season 3 · Episode 3
About this episode
Douglas Hubbard discusses the flaws in traditional cybersecurity risk assessment methods and offers insights for better measurement and decision-making.
What if the way we’ve been measuring cybersecurity risk is fundamentally flawed? Too often, organizations rely on color-coded charts and gut instinct to make critical risk decisions leading to a false sense of confidence and missed opportunities for real insight. In this episode, we’re joined by Douglas Hubbard, creator of the Applied Information Economics (AIE) method and founder of Hubbard Decision Research. Doug is also the author of How to Measure Anything in Cybersecurity Risk , and he breaks down why risk matrices fall short, how most people misunderstand measurement, and what organizations can start doing right now to make smarter, data-driven decisions (no math degree or massive data set required!). Meet Ryan: https://www.linkedin.com/in/ryan-patrick-3699117a/ Meet Jeremy: https://www.linkedin.com/in/jeremyhuval Meet Robert: https://www.linkedin.com/in/robertbooker/ Meet Doug: https://www.linkedin.com/in/dwhubbard/ Get a copy of How To Measure Anything In Cybersecurity
People in this episode
Hosts: Ryan Patrick, Jeremy Huval, Robert Booker
Guest: Douglas Hubbard
Topics covered
- cybersecurity
- risk assessment
- data-driven decisions
- measurement
- Applied Information Economics
Keywords
- cyber risk assessment
- risk matrices
- data-driven decisions
- cybersecurity measurement
- Applied Information Economics
Mentioned in this episode
Books & works: How to Measure Anything in Cybersecurity Risk
More episodes of Trust vs.
- Cybercrime Has Gone Cartel · December 18, 2025 · 29 min
- Hacking Back, Legal Limits, and the Future of Cybersecurity Regulation · November 20, 2025 · 40 min
- When Your AI Has a Login and a Mind of Its Own · November 6, 2025 · 38 min
- Why Compliance Fatigue Is a National Security Risk · October 23, 2025 · 42 min
- Why SOC 2 May Not Prove Security Anymore · October 9, 2025 · 41 min
- Chaos, Culture, and Cyber Resilience · September 25, 2025 · 37 min
Explore listener stats, chart rankings, contacts and more on the Trust vs. podcast page.