Threat Mapping: Today’s Planning Can Lead to Tomorrow’s Cybersecurity Success

Threat Mapping: Today’s Planning Can Lead to Tomorrow’s Cybersecurity Success

by Keith Barthold

Every 60 seconds approximately 1,861 people fall victim to cybercrime according to a survey by RiskIQ. That translates to $1,388,888 stolen by cybercriminals every minute.

The question for businesses today isn’t whether looming threats exist, it’s whether or not business owners are adequately prepared for them when they come.


That’s where threat asset mapping, also known as “threat mapping,” comes in. It’s a risk assessment process by which a company identifies its technology assets (phones, laptops, network, applications, data locations, etc.) and assigns a risk score to the types of possible cyber threats. As an example, an organization might identify an asset such as “company financials” and assign that asset a risk score of high, low, or medium based on the impact and likelihood of a cyber threat occurring — such as loss of confidentiality, integrity, or availability of that data asset.


Here are a few of the primary benefits of threat mapping:


  1. IDENTIFICATION: Threat mapping identifies a company’s cybersecurity effectiveness

Threat mapping creates clarity around what should be protected and why.  In conjunction with a cybersecurity assessment, it also defines and exposes potential risks and where those risks exist within the organization.  It’s one thing to know you’ve got a threat; it’s another to know exactly what level of risk it poses.


  1. IMPACT: Threat mapping quantifies the business impact of your vulnerabilities

In cybersecurity, not all threats are the same. Some should be taken much more seriously because of their potential size, impact, and consequences; others need less attention because they don’t pose as much of a threat. In these cases, if there is a vulnerability, the potential impact doesn’t compromise a significant amount of company capabilities, productivity, or reputation.


  1. PRIORITIZATION: Threat mapping justifies the allocation of cybersecurity dollars

Once companies identify potential threat areas and their relative impacts, they can allocate the appropriate resources where they are most needed. Since companies have finite dollars to invest in security, companies need to place them where they are most beneficial to the highest priorities of the company.


Because threat mapping provides a tangible way to identify and quantify risks, it’s one of the most effective tools for strategically prioritizing where to invest in cybersecurity and at what levels.


Keith Barthold is the president and CEO of DKBinnovative, a Dallas-based managed IT and cyber defense firm. DKB offers secure, reliable IT solutions to small and medium-sized businesses around the world who value productivity and security. Established in 2004, DKB acts as a company’s virtual chief information and security officer, whose role as a strategic partner and extension of its C-suite is to assist in planning, day-to-day execution, and future-proofing the organization. You can find more about DKBinnovative at


Leave a Reply