In a guest blog post on Threatpost, How Cyber Insurance Changes the Conversation Around Risk, Nick Sanna, CEO of RiskLens, says that the process of shopping for cyber insurance can quickly confront an organization with the limitations to its information risk models, analysis tools and data.
Infosec risk managers can’t answer – in financial terms – the basic questions of “How much risk do we have?” and “What are our top risks?” required for answering the question of “How much cyber insurance should we buy?”
“There’s no standard cybersecurity insurance policy,” Nick writes. “That puts the burden on the insurance buyers to understand the particular threats and estimate the potential losses for their organizations – and to start having those quantified conversations on cyber risk.”
That's where a new framework for cyber risk assessment, reporting and management comes into play...
“Corporate leaders and practitioners in security and risk have decided the status quo is no longer acceptable,” Nick writes. “They’re finding their way to the emerging field of cyber risk quantification”—and the FAIR model, the only international standard for cyber risk quantification. FAIR powers the RiskLens platform.
Read Nick's complete post on Threatpost: