The words, “quantifying risk is impossible; it always will be,” are like nails on a chalkboard to me!
Why is it impossible? I quantify risk every day. I am not a magician or a fortune teller, and I do not have a crystal ball. Instead, I follow FAIR, a logical model that is adaptable to any risk scenario and requires critical thinking to identify and challenge key assumptions. What I do is not abstract, it helps inform decision-makers with the necessary information to prioritize current and emerging risks to their organizations. Risk quantification is definitely not impossible.
Let’s Define Quantifying Risk
As an economist at heart, I like to define everything. Let's begin with risk. Risk is the probable frequency and probable magnitude of future loss. Next, I define risk quantification as assigning actual, financial values to the risk scenario, in other words measuring risk in dollars and cents. Historically, the biggest roadblock to risk quantification has been a perceived lack of data. The game changer is that the FAIR model leverages calibrated estimates, in situations where data is lacking. Additionally, data inputs are entered as ranges. Both calibrated estimates and ranges allow for efficient analysis and accurate results.
What It Means to Be Able to Quantify Risk
Whether we quantify risk at the information security or enterprise risk level, reporting on risk in financial terms supplies board members and other decision makers with risk information in a business context. This enables them to make well informed decisions based on how much risk they want to accept.
RiskLens and Quantifying Risk
RiskLens is the only cyber risk management software purpose-built on FAIR. Our platform integrates maturity models, best-practice cyber risk management workflows, analytics, and industry-specific loss data. We continue to refine our techniques and abilities in an ever changing and growing industry. Clients have used the platform to assess emerging threats, save money and even justify security expenditures.
Don’t Believe Everything You Hear
It only takes one person or one success story to prove anything is possible – we are well past that now. It’s time to start believing and allowing us to show you how to start working with quantification on your side. I love what I do – I know you will, too.