Everything About Your Cyber Risk Assessment Is Wrong

Everything About Your Cyber Risk Assessment Is Wrong

From Trust vs. by HITRUST Alliance

August 28, 2025 · 31 min · Season 3 · Episode 3

About this episode

Douglas Hubbard discusses the flaws in traditional cybersecurity risk assessment methods and offers insights for better measurement and decision-making.

What if the way we’ve been measuring cybersecurity risk is fundamentally flawed? Too often, organizations rely on color-coded charts and gut instinct to make critical risk decisions leading to a false sense of confidence and missed opportunities for real insight. In this episode, we’re joined by Douglas Hubbard, creator of the Applied Information Economics (AIE) method and founder of Hubbard Decision Research. Doug is also the author of How to Measure Anything in Cybersecurity Risk , and he breaks down why risk matrices fall short, how most people misunderstand measurement, and what organizations can start doing right now to make smarter, data-driven decisions (no math degree or massive data set required!). Meet Ryan: https://www.linkedin.com/in/ryan-patrick-3699117a/ Meet Jeremy: https://www.linkedin.com/in/jeremyhuval Meet Robert: https://www.linkedin.com/in/robertbooker/ Meet Doug: https://www.linkedin.com/in/dwhubbard/ Get a copy of How To Measure Anything In Cybersecurity 

People in this episode

Hosts: Ryan Patrick, Jeremy Huval, Robert Booker

Guest: Douglas Hubbard

Topics covered

  • cybersecurity
  • risk assessment
  • data-driven decisions
  • measurement
  • Applied Information Economics

Keywords

  • cyber risk assessment
  • risk matrices
  • data-driven decisions
  • cybersecurity measurement
  • Applied Information Economics

Mentioned in this episode

Books & works: How to Measure Anything in Cybersecurity Risk

More episodes of Trust vs.

Explore listener stats, chart rankings, contacts and more on the Trust vs. podcast page.