Corporate Newsletter - May 3rd, 2016

Why a RiskLens Newsletter? 

  • Stay up to date with the latest news and trends from the leader in cyber risk quantification. 
  • Access new resources that can help your development as a business-aligned cyber risk leader. 
  • Discover new use cases for the RiskLens platform and how to create value for your organization.

From Nick's Desk

Dear cyber risk professionals,

As the newly appointed CEO of RiskLens, the only cyber risk management platform purpose-built on FAIR, I want to open a communication channel that allows us to share the rapid progress that our industry is making towards a business-aligned and risk-based approach to cybersecurity.

The entire cyber risk ecosystem is coming together, as leading organizations have opened doors by setting up innovative risk programs that finally deliver value to the business. The FAIR risk standard is rapidly spreading: 

  • FAIR user communities are organizing and sharing best practices.
  • Universities are offering FAIR courses. 
  • Organizations are prioritizing their security initiatives based on ROI. 
  • Boards are demanding cyber risk reports in the financial language they understand. 
  • Regulators are noticing and requiring more formulaic risk assessments.

In this first edition, I want to list the most significant developments at RiskLens in the past 90 days, along with the latest product news and the most popular resources. 

I hope that you find it informative. Please do not hesitate to reply to me directly with any questions or comments that you may have. 

Kind regards,


Nick Sanna, CEO



Leading organizations choose to report on cyber risk in financial terms, generating record revenue growth for RiskLens in Q1-2016 

  • Fortune 5 retailer chose RiskLens to report to the board the amount of risk associated with their top 10 technology risks. 
  • Top 10 bank selected RiskLens to complete an enterprise risk assessment in financial terms. 
  • Leading lender used RiskLens to prioritize their cybersecurity initiatives based on business impact. 

Contact us if you are interested in learning more about these types of projects.

RiskLens and Deloitte partner to help organizations build financially-driven cyber risk management programs 

  • Many large organizations are receiving the mandate to build new cyber risk management programs, yet have difficulty finding the right talent or resources necessary to deliver quick results. 
  • Deloitte will leverage the RiskLens platform, as there is growing client demand for quantitative vs. qualitative risk assessments to enable better analysis and decision-making.
  • RiskLens' customers can benefit from Deloitte's pool of expert resources to accelerate and ensure their transition to a risk-based approach to cybersecurity.

The FAIR Community has found a home

  • With the establishment of FAIR as an international standard risk model by the Open Group, an increasingly large number of organizations have selected FAIR as their risk model of choice. 
  • Several of these organizations expressed the need to organize in a forum where they could continue to improve their understanding of FAIR and learn best practices from one another. 
  • That desire became a reality with the creation of the FAIR Institute, whose mission is to help cyber risk professionals learn more about FAIR, develop and share best practices and network with their peers. Get involved today. 

The FAIR Book has been inducted into the Cybersecurity Canon 

Product Announcements

Support for FFIEC CAT added to the Cyber Risk Maturity (CRM) application

  • The FFIEC Cybersecurity Assessment Tool has been added as an additional workshop for Cyber Risk Maturity assessments. 
  • This new workshop helps improve the assessment's accuracy, reporting and security.
  • CISO of a regional bank: "We recently closed out our OCC Cyber Exam and it was a huge success. Our OCC examiners were especially impressed with the level of detail and thought that we put into our self-assessment utilizing the FFIEC CAT via the RiskLens CRM application." 

Custom Workshops added to both Cyber Risk Maturity (CRM) & Cyber Risk Third-Party (CR3P) applications 

  • Users of RiskLens CRM or CR3P can now add custom questions to their risk assessments. 
  • We heard from both existing and prospective customers that due to their specific company or industry requirements they needed the capability to add custom questions to assessments. We listened and delivered. 

COMING NEXT: Support for a greater set of risk analysis types, including operational risks 

  • Users of Cyber Risk Quantification (CRQ) will be able to aggregate analyses conducted with both the 'guided' (cyber) and 'free-form' modules. 
  • This improvement will provide users with great flexibility in aggregating enterprise risk assessments, across a variety of cybersecurity and operational risk scenarios. 
  • Aggregate analyses will allow the inclusion of risk scenarios related to physical security, IT operations, operational risks, etc. in addition to cybersecurity. 

Release expected in the 2nd half of 2016

Popular Resources and Blog Posts