We are frequently asked about what differentiates RiskLens from alternative approaches to assessing cyber risk. The following comparisons should help to clarify the important differences.
Organizations use a variety of solutions to measure their cybersecurity risk:
- These solutions, offered by GRC tools or large consulting companies, allow users to score risk using ordinal scales (1-5 or 1-10), “t-shirt sizing” (high, medium, low) or color codes (red, yellow, green). While these qualitative assessments are helpful in distinguishing between high and low risks, they do not enable effective decision-making regarding how much to invest in security, how to prioritize risk mitigations or how much cyber insurance to buy. Ordinal measurements also rarely, if ever, support a clear articulation of confidence or provide the means to express the continuum of exposure – i.e., the continuum between “best case” and “worst case”.
Quantitative, in-house spreadsheet-based solutions
- Some organizations attempt to build in-house solutions based on a combination of spreadsheets, customized risk models and some mathematical simulation tool. Very quickly, they realize that while the initial prototype allowed for a certain quantification of individual risk scenarios, as soon as they try to aggregate risk, the whole construct falls down. When it does collapse, the construct reveals the impact of unforeseen design flaws, risk model limitations and difficult-to-tame mathematical algorithms. That’s where they start wondering if building custom risk management applications is the business they should be in.
Ad hoc consulting-based quantification solutions
- Other organizations try to leverage solutions from consulting companies that market their risk quantification solutions like software applications, only to discover later that the risk assessment process was created ad hoc and that the scalability and maintenance of the implementation are doubtful. In addition, customers have to put their trust in proprietary risk models whose underpinnings are not clearly documented, openly shared and subject to market scrutiny and validation.
Purpose-built cyber risk management platforms
- RiskLens has overcome the limitations mentioned above by building a next-generation platform designed to assess cyber risk holistically, based on a recognized international risk standard (FAIR). The RiskLens platform is not only capable of supporting user-driven, enterprise-level risk quantification analyses, but also of measuring an organization’s capacity to manage risk over time. This helps organizations assess both cause (risk management capabilities) and effect (quantification of risk).
What else sets RiskLens apart? The following table summarizes the main differentiating points that explain why RiskLens is becoming the de facto standard solution for assessing risk in quantifiable terms.

| What Sets RiskLens Apart? | Why Does It Matter? |
|---|---|
| Built-in risk calibration and analysis engine | We do the math so you don’t have to |
| Templatized workflow | Easy to use, assisted risk modeling |
| On-demand risk analytics | Answer questions on-the-fly vs. producing time-consuming/outdated reports |
| Pre-packaged, integrated apps | Less risk than building it yourself |
| Embedded loss tables | Quick wins: value in days |
| Unified by standard FAIR risk model | Leverage of proven, open international risk standard |
| 100% dedicated to cyber risk quantification | Holistic coverage of risk quantification & risk mgt. maturity |
| Top customers are leading experts in domain | Practical, customer-centered innovation |
| Founder and technical advisor to the FAIR Institute | Strongest community of risk quantification practitioners |