Most Popular RiskLens Blog Posts of 2018 Covered SEC Cyber Policy, Better Heat Maps, and More Signs of Growth in the Cyber Risk Quantification Movement

RiskLens and the FAIR risk model are change agents in the world of cyber risk management and the most popular blog posts we published in 2018 are a leading indicator of where the movement is heading. Take a look at the Top 10, by page views:

1. SEC Tells Public Companies to Up Their Game in Assessing and Disclosing Cyber Risks

By far, the best read post of the year – the powerful regulatory agency set a new disclosure standard by which the ‘costs’ or losses associated with cyber risks and breaches need to be assessed in monetary terms, requiring public companies to make a serious move to cyber risk quantification.

2. 4 Steps to a Smarter Risk Heat Map

This well-used tool is almost a symbol of qualitative, take-a-guess cyber risk reporting but, as this blog post shows, “you can build a heat map on a solid foundation of objective, quantitative analysis,” clearly good news to our blog readers.

3. How to Explain FAIR to Auditors

Drawing on her experience as an auditor, RiskLens Risk Consultant Taylor Maze tells her former brethren how they can improve their jobs by taking a broader look at controls from the point of view of risk to their organizations.

4. Gartner Names Risk Quantification a Critical Capability of Integrated Risk Management

Important recognition from the leading technology analyst firm. Gartner listed “Risk Quantification & Analytics” as part of five critical capabilities of IRM. If you’re not quantifying, you’re not truly evaluating cyber risk, Gartner said.

5. New eBook: Set Up Your FAIR Program in 7 Steps

From the creator of Factor Analysis of Information Risk, Jack Jones, a how-to manual on starting or advancing a FAIR cyber risk analysis program in your organization.

6. Wall St. Journal Says FAIR Helps Companies ‘Better Understand Cost of Cyber Threats’

More recognition for the quantitative cyber risk analytics movement, this time from the leader in financial media. “Companies are moving to deploy methods to calculate the financial impact of cyber threats,” the Journal writes in a profile of the FAIR program at Charles Schwab.   “Analysts say FAIR is gaining traction, especially among large corporations that already have experience with cyber risk analysis.”

7. What Is Cyber Risk Financial Modeling?

This post performed well on Google, indicating high interest in the world of risk management for an approach to cyber risk on a par with other risk disciplines, where results rendered in financial terms are the norm. Probably a lot of folks learned about FAIR for the first time by landing on this blog post. Welcome to the movement.

8. My Risk Problem and How I Solved It

This personal journey by RiskLens Risk Consultant Tim Wynkoop from an analyst at financial institutions frustrated with illogical, qualitative risk measurement to a believer in the quantitative method, struck a chord with many readers.

9. James Lam, Renowned Expert on Governance and Risk, Appointed to RiskLens Board

We were very excited to announce that one of the world’s foremost experts on enterprise risk management and corporate governance, joined the board of directors of RiskLens as an Independent Director. Lam was recognized in the 2017 National Association of Corporate Directors (NACD) Directorship 100 as one of “the most influential directors in the boardroom community.” He sits on the Board of Directors at E*TRADE Financial Corporation where he serves as the Chairman of the Risk Oversight Committee and as a member of the Audit Committee.

“I see RiskLens as the right product at the right time,” James said. “The demand is there, and in terms of value, I think it’s best in class. The association with the FAIR Institute gives the company a distinct advantage in terms of having a widely accepted risk quantification methodology.”

10. RiskLens Board Member James Lam in WSJ: No ‘Silly’ Tech Metrics in the Boardroom

In a sign of growing concern at the board level about cyber risk as a business risk issue, The Journal interviewed James for an article in which he said that CISOs and CIOs should stop reporting on cyber risk with “silly” metrics like attempted malware attacks, when boards of directors need to weigh cybersecurity investment against other corporate priorities, based on financial measurements.