top of page


Data breaches are not as random as you might think. Building upon previous work forecasting fraud among business customers, we discovered something often overlooked by practitioners. Insufficient staffing is a strong predictor of data breach, and surprisingly, audit staff is just as effective at preventing a data breach as staff working in information technology. 


This session will demonstrate how cybersecurity data breach can be accurately forecast based upon the number of employees overall, and the number of employees with certain certifications that relate to cybersecurity. You will learn how this approach of measuring cybersecurity could help your organization to set risk appetite goals in terms of expected frequency of data breach and to right size the cybersecurity team to meet these goals.

Download my talk to ISACA Philadelphia: Forecasting Data Breaches
About the Speaker

Dr. Thomas Lee is the CEO of VivoSecurity, a Silicon Valley based company focused on data collection, regression modeling and A.I. to bring predictability to the randomness of data breach. In cybersecurity, Thomas has developed models to forecast fraud in online banking, probability for PII data breach, probability for lawsuits and costs in the event of a PII data breach, and the likelihood of a shareholder lawsuit for public companies in the event of a stock drop. He has developed models to forecast PII data breaches by state and models to forecast the number of data breaches in the healthcare industry.


Thomas has been an invited speaker at the Richmond Fed research conference 2018, invited participant at Richmond Fed cyber security workshop 2019, invited speaker at O.R.X Toronto & Milan 2018, speaker at OpRisk North America 2018, ACAMS panelist 2019, PRMIA NYC & BCG 2018, ISACA chapters in Toronto, and Silicon Valley 2022, and Silicon Valley Affiliate of WiSyS 2022; In 2023, Thomas has spoken at ISACA chapters in Silicon Valley, Orange County, Boise, Memphis, Sacramento, Arkansas, and Central Ohio. He was a panelist at ISACA Silicon Valley Digital Trust Summit in 2023. Outside of cybersecurity, Thomas has pioneered computational techniques in medicine for refining x-ray diffraction data, noise reduction in electron micrographs using in 2D Fourier filtering, and singular value decomposition applied to electron micrographs to determine molecular packing of hemoglobin molecules in sickle cell anemia.


Thomas has multiple patents and publications in peer reviewed journals and holds BS degrees in Physics and Electrical Engineering from the University of Washington, and an MS and PhD in Biophysics from the University of Chicago.

bottom of page