The World Economic Forum released a paper last week, called "Partnering for Cyber Resilience Towards the Quantification of Cyber Threats". The paper can be read here on the WEF's site. From the paper:
Managing cyber risks requires a framework for segmenting and quantifying shared risk factors. Among the dimensions of an effective cyber risk model is quantification of assets, knowing the attacker profile and knowing the potential vulnerabilities of a company. Successful cyber risk includes organizational leadership, cyber life-cycle process management, and solution life-cycle implementation management.
There is an article about the World Economic Forum's paper on the Privacy & Security Law Blog describing the general requirements for building a common framework for quantifying cybersecurity risk into economic terms. Twice in this article they incorrectly noted that an established model and/or technology does not exist. CXOWARE will be working with the contributing authors to inform them an established model does exist. It's called FAIR - outlined in Gartner report G00256964 and identified as the only risk methodology that quantifies cybersecurity risk into dollars & cents. You don't need to spend millions building an application. RiskCalibrator is built on FAIR!