Forrester Cyber Risk Quantification Landscape, Q4 2022 Report Recognizes RiskLens as a ‘Notable Vendor’ for CRQ Solutions and Services, Calls FAIR ‘Most Popular’ Methodology

December 16, 2022  RiskLens Staff

In a new report, “Cyber Risk Quantification Landscape, Q4 2022,” leading global research and advisory company Forrester calls cyber risk quantification (CRQ) the way that CISOs “…engage in more meaningful cyber risk discussions with the business,” names RiskLens a “notable vendor” of CRQ solutions and services and calls Factor Analysis of Information Risk (FAIR™) the “most popular” methodology for quantitative cyber risk analysis. RiskLens is the creator of FAIR.

“We believe that in this research, Forrester recognizes a remarkable moment in the evolution of cybersecurity,” RiskLens CEO Nick Sanna commented, “the coming together of models, software and data to enable cyber risk quantification. CRQ is not an overlay on current practices in cyber risk measurement and management but a sea change, moving cybersecurity from a narrow technical discipline to a business function operating in the common financial language of business.”

As the “Cyber Risk Quantification Landscape” report points out, the main trend behind the CRQ movement is demand from the board, C-suite and regulators for financially based reporting that aligns cybersecurity with the rest of the enterprise. “The benefit of a firm’s cybersecurity investment isn’t limited to deterring specific cyberthreats or maturing security controls,” Forrester says. “It also delivers value by protecting the firm’s bottom line and enabling business outcomes.”

Forrester offers some valuable guidelines for CISOs seeking to engage in CRQ, along with some critical warnings: “To ensure CRQ results are actionable — not academic — prioritize vendors that offer a combination of data for historic context, services to operationalize, and technology to scale CRQ efforts.”

The “Cyber Risk Quantification Landscape” report lists five top use cases for CRQ:

  1. Articulate ROI of current cybersecurity investment  
  2. Prioritize risk treatment and remediation strategies 
  3. Quantify current cybersecurity risk to boards of directors  
  4. Rationalize and calibrate risk transfer strategies 
  5. Justify current cybersecurity budget and future investment  

Forrester also notes the following trends and suggestions:

  • “Firms in this market…report customers making the transition from experimentation to a more programmatic approach to CRQ.”
  • “Organizations implementing CRQ will need the right level of expertise to interpret the results and the means to make the process sustainable to repeat and benchmark annual and year-over-year results.”
  • “Be open-minded about the different CRQ methodologies…that fit your firm’s level of expertise and internal data but be sure they produce reliable measures for the decisions at hand.”
  • “Prioritize vendors that offer a combination of technology, services, and data. To realize the value of CRQ requires more than a model.”

We’re honored that Forrester named RiskLens a “notable vendor” in the report “Cyber Risk Quantification Landscape, Q4 2022”. RiskLens’s self-reported go-to-market focus by use case includes:

  • “Articulate ROI of current cybersecurity investment”
  • “Prioritize risk treatment and remediation strategies”
  • “Quantify current cybersecurity risk to boards of directors”
  • “Justify current cybersecurity budget and future investment”

We believe we fulfill key software, services and data capabilities including:

[Image: Forrester 2022 Cyber Risk Quantification Landscape Report Q4]

Explore the “Cyber Risk Quantification Landscape, Q4 2022” report (access your complimentary copy here) and contact us with any questions on your journey with CRQ.