RiskLens in 2020: New Products, Expanding Reach, as the Pandemic Focused the Market on Digital Transformation and Quantitative Risk Management

December 16, 2020  Jeff B. Copeland

The pandemic, an economic downturn, a rapid shift towards working from home, digital transformations accelerating, a re-arranged risk landscape – 2020 taught us that fast, adaptive decision-making requires clear insight into risks, with results that can be easily communicated across an organization.

As that lesson spread in 2020, at RiskLens we began to see significant market movement to Factor Analysis of Information Risk ( FAIR™). FAIR supports informed decision-making by analyzing and communicating cyber loss exposure in the financial terms that everyone understands. “The pandemic accelerated the maturation of the market,” RiskLens CEO Nick Sanna says, “forcing companies to think about what they need to do in transforming their businesses and what are the top risks in the process. At the same time, budget constraints forced them to focus more on achieving better ROI for risk reduction from security investments. “It’s been a significant evolution in terms of conversations with customers and prospects.”

New Products Introduced in 2020 Extended Our Capabilities

 RiskLens announced a series of new, breakthrough products that significantly extended the capabilities of our platform and service offerings to better justify, prioritize and manage the cybersecurity investment decisions and risks that accompany digital growth and transformation.

  • The RiskLens FAIR Enterprise Model™, a comprehensive roadmap for scaling a quantitative risk management program that creates flexibility to adopt FAIR and build programs, supporting companies at various levels of maturity and different types of business needs.
  • Rapid Risk Assessment, a new capability on the platform that enables analysts to generate in minutes a ranked list of risks (typically 20-40) by probable loss exposure in dollars, for a clear picture of the organization’s top risks and risk landscape, making cyber risk quantification faster and easier than ever before.
  • Risk Treatment Analysis, also new on the platform, analysts can now model the effect of different controls for reducing loss exposure on top risks, then compare those results against the cost of controls for true cost/benefit analysis.

New Partnerships in 2020 Extended Our Reach

We signed a series of partnerships that will bring the RiskLens platform and processes to vastly wider market, as covered in these blog posts:

RiskLens and ServiceNow GRC Integration Now Available, One Click Away

RiskLens Platform Now Integrated with RSA Archer Risk Register

IBM Partners with RiskLens to Offer FAIR Cyber Risk Quantification to Its Global Client Base

Growing Recognition for FAIR from Risk Management Authorities 

FAIR gained higher visibility in 2020, as a series of risk management authorities and standards recommended quantification and FAIR by name.

  • The National Institute of Standards and Technology (NIST) recommended risk quantification and FAIR in a new standard for integrating cybersecurity with enterprise risk management (NISTIR 8286).
  • COSO issued its first guidance document on applying the widely used COSO Enterprise Risk Management Framework to cyber risk management and recommended the use of FAIR.
  • The National Association of Corporate Directors (NACD) Cyber Risk Oversight Handbook also endorsed the use of quantitative risk models including FAIR.
  • The FAIR Institute and HITRUST launched an effort to integrate FAIR with the HITRUST CSF, the cybersecurity controls framework in use at hundreds of thousands of organizations.

Recognition for RiskLens as a Market Leader in 2020

RiskLens was named to Deloitte’s 2020 North America Technology Fast 500™ for the second consecutive year and Business Insider named RiskLens CEO Nick Sanna one of 50 “ People Who Led Cybersecurity through What May Have Been Its Most Important Year Ever.

Coming in 2021…

Building on the momentum and innovation of 2020, expect to see more product and market breakthroughs – including some very significant advances in risk analytics for cybersecurity controls.