FAIR risk analyses are great – they allow you to understand cyber risk in dollars and cents. RiskLens is the SaaS platform out there that allows you to conduct true quantitative cyber risk analysis.
To make things better, the work flow is easy:
The RiskLens computational engine then uses Monte Carlo Simulation to calculate the annualized loss exposure (ALE), in financial terms, of the modeled risk scenarios. And, voilà – you have cyber risk analytics reports like the one below, that CEOs and boards are used to seeing in other risk domains:
Really, it’s a beautiful report – in terms of the mathematics – and the important numbers are listed for you. But you might not have a math degree and it’s been a while since your last statistics course…so what are all the numbers that are listed in the chart again?
Let’s set the stage for the report above: RiskLens ran 10,000 simulations of a risk scenario for cybersecurity risk management.
Recently, we added a new number: the MOST LIKELY (ml)! The ml is an estimation of the mode (the number which appears most often in a set of numbers) that we derive by using a sophisticated technique called Half-Range Estimation. In the above graph, the ml is $86.0M.
You might be wondering how is the ml less than the avg? Quick answer – math. Longer answer – the ml is the number that appears the most, while the avg is the sum of all the results divided by the number of simulations run.
Gartner calls cyber risk quantification one of the must-have risk assessment tools for integrated risk management.
Not only did we add the new statistic metric, we have a new report…
HOW COOL IS THIS! This is the same risk scenarios that was analysed in the first risk report, however the results are being presented in a different way. (The math nerd in me is really excited about this! I won’t bore you with more than we are utilizing calculus here!) Let’s take our deeper dive here:
Now instead of just showing the Board our risk, we can ask the Board and the business, “Are you comfortable with there being a 20% probability of ALE greater than or equal to $200M?”
The last thing I’d like to talk about is our Sensitivity Analysis. This analysis enables you to conduct what-if analyses. There are two types of tests you can run, a positive and a negative test. With a positive test, you measure the opportunity of an improvement to your risk landscape. In a negative test, you can find which factors in your risk landscape matter the most. (Check out Bryan’s Sensitivity Analysis blog post if you want to dig deeper)
Here are some examples of Positive and Negative Tests for cybersecurity risk assessment:
Want to learn more about other reports you’ll get from running an analysis? Contact a RiskLens Expert.