RiskLens, the leading provider of cyber risk quantification solutions, announced today that RSA™, a global cybersecurity leader delivering Business-Driven Security™ solutions to help manage digital risk, will resell the RiskLens Cyber Risk Quantification (CRQ) application as RSA Archer Cyber Risk Quantification®.
RiskLens will continue to directly offer its CRQ as a standalone product, along with the broader RiskLens application platform, to clients around the globe.
Risk registers within GRC tools are too often used just as collection points for “risks” that aren’t actually risks at all – for instance, control deficiencies that don’t represent possible loss events for the organization.
With no standard cyber risk taxonomy and model applied to organize risk register entries and given the inherent flaws of qualitative risk measurement scales such as ‘High-Medium-Low’, the result is an inaccurate and misleading picture of risk that prevents both cost-effective risk mitigation decisions and effective governance of the risk landscape.
The new RSA Archer Cyber Risk Quantification® Solution enables risk managers to apply the standard FAIR taxonomy and analytics model for a true picture of risk, based on quantification in financial terms, dollars and cents.
With easy access to the power of risk quantification, RSA Archer users will be able to better articulate risk appetite statements, rank risks for mitigation based on cost-benefit analysis or identify lists of top risks.
This announcement marks important recognition in the marketplace for Factor Analysis of Information Risk (FAIR), the estimation and quantification engine that powers the RiskLens platform.
In recent years, FAIR has emerged as the leading international standard for risk quantification. The methodology has been endorsed by The Open Group, the global organization composed of over 500 public and private organizations that sets international IT standards. FAIR has also been recommended by the National Institute of Standards and Technology as complementary to its Cybersecurity Framework (NIST CSF), a set of best practices used by close to 50% of large enterprises in the US, and the PCI Data Security Standard (PCI DSS) Risk Assessment Guidelines, the requirements-setting group for credit card transactions.
RiskLens is the only cyber risk quantification software purpose-built on FAIR. The application combines guided risk scoping with risk calibration and estimation techniques, along with an embedded Monte Carlo simulation engine to run thousands of computations, generating a highly accurate distribution of probable risk, in bottom-line terms.
Leading companies in the Fortune 500 – including 10 of the Fortune 100 – in over 15 industry vertical markets, ranging from financial services to retail and healthcare, use the RiskLens platform.
RiskLens is also the leading trainer for the FAIR method, offering self-guided, online video tutorials and on-site training. And RiskLens is the Technical Adviser to the FAIR Institute, the worldwide expert organization of 2,500 members, whose mission is focused on education, development of best practices and member collaboration on the subject of cyber risk quantification.
Nick Sanna, Chief Executive Officer at RiskLens, commented that “the market for cyber risk quantification is growing exponentially as companies recognize that they must treat cyber risk as a top business risk and manage it accordingly, by articulating it in financial terms.”
“With new SEC guidance calling on publicly traded corporations to disclose their cyber risk in financial terms, pressure is mounting from Boards of Directors and Chief Executive Officers to adopt models and technological solutions that provide a never-before-seen level of visibility on the impact on the bottom line.
“RiskLens paved the way and is leading the market in cyber risk quantification – with RSA’s selection of RiskLens CRQ as the core technology for its new offering, our reach and our ability to drive this paradigm shift in security grow even stronger.”
In the RSA announcement, David Walter, Vice President, RSA Archer, commented that “under the threat of high-profile cyber attacks and data breaches, executives and corporate Boards are starting to ask more informed questions about their organizations’ risk exposure.
“RSA Archer Cyber Risk Quantification® gives security teams the tool they need to quantify and communicate their cyber needs in a language that business leaders can easily understand. This helps clarify priorities for security investments, and also helps with planning for risk transfer methods such as cybersecurity insurance.”