In a new report, “Cyber Risk Quantification Landscape, Q4 2022,” leading global research and advisory company Forrester calls Cyber Risk Quantification (CRQ) the way that CISOs “…engage in more meaningful cyber risk discussions with the business,” names RiskLens a “notable vendor” of CRQ software solutions and services and calls Factor Analysis of Information Risk (FAIR™) the “most popular” methodology for quantitative cyber risk analysis. RiskLens is the creator of FAIR.
“We believe that in this research, Forrester recognizes a remarkable moment in the evolution of cybersecurity,” RiskLens CEO Nick Sanna commented. “The coming together of models, software and data to enable cyber risk quantification. CRQ is not an overlay on current practices in cyber risk measurement and management but a sea change, moving cybersecurity from a narrow technical discipline to a business function operating in the common financial language of business.”
Why Pivot to CRQ Software?
As the “Cyber Risk Quantification Landscape” report points out,
the main trend behind the CRQ movement is demand from the board, C-suite and regulators for financially based reporting that aligns cybersecurity with the rest of the enterprise. “The benefit of a firm’s cybersecurity investment isn’t limited to deterring specific cyberthreats or maturing security controls,” Forrester says. “It also delivers value by protecting the firm’s bottom line and enabling business outcomes.”
Forrester offers some valuable guidelines for CISOs seeking to engage in CRQ while also suggesting some critical warnings: “To ensure CRQ results are actionable — not academic — prioritize vendors that offer a combination of data for historic context, services to operationalize, and technology to scale CRQ efforts.”
The “Cyber Risk Quantification Landscape” report lists five top use cases for CRQ:
- Articulate ROI of current cybersecurity investment
- Prioritize risk treatment and remediation strategies
- Quantify current cybersecurity risk to boards of directors
- Rationalize and calibrate risk transfer strategies
- Justify current cybersecurity budget and future investment
Forrester also notes the following trends and suggestions:
- "Firms in this market…report customers making the transition from experimentation to a more programmatic approach to CRQ.”
- “Organizations implementing CRQ will need the right level of expertise to interpret the results and the means to make the process sustainable to repeat and benchmark annual and year-over-year results.”
- "Be open-minded about the different CRQ methodologies…that fit your firm’s level of expertise and internal data but be sure they produce reliable measures for the decisions at hand.”
- “Prioritize vendors that offer a combination of technology, services, and data. To realize the value of CRQ requires more than a model.”
What Makes RiskLens Stand Out in Cyber Risk Quantification
We’re honored that Forrester named RiskLens a “notable vendor” in the report “Cyber Risk Quantification Landscape, Q4 2022.” RiskLens’s self-reported go-to-market focus by use case includes:
- "Articulate ROI of current cybersecurity investment”
- "Prioritize risk treatment and remediation strategies”
- "Quantify current cybersecurity risk to boards of directors”
- "Justify current cybersecurity budget and future investment”
We believe we fulfill key software, services and data capabilities including:
- Software facilitating cyber risk analysis by use case (such as Cybersecurity Prioritization and Justification) covering the five proof-of-concept cases
- An analytics platform purpose-built on FAIR, the defensible methodology for cyber risk quantification maintained as an open standard by the Open Group and recommended by the NIST CSF
- CRQ program-building led by the most experienced Services team in the world
- The leading data science team devoted to cyber risk quantification producing just-in-time data for fast, on-demand cyber risk assessments on the RiskLens analytics platform
Explore the “Cyber Risk Quantification Landscape, Q4 2022” report – access your complimentary copy here – and reach out to us with any questions on your journey with CRQ.