The leading research and advisory firm Gartner named RiskLens as a sample vendor for cyber risk quantification (CRQ) in its Hype Cycle for Cyber and IT Risk Management, 2021, an annual survey that we believe is widely read by technology buyers seeking guidance on risk management solutions.
Gartner has previously cited RiskLens as a sample vendor in its reports on integrated risk management and financial data risk assessment, and has advocated for cyber risk quantification as a critical capability for integrated risk management. (Note that Gartner does not endorse any product or service.) The cyber risk quantification section of the report was authored by Khushbu Pratap, Jeffrey Wheatman, Sam Olyaei and Christine Lee.
We agree with Gartner’s outlook on CRQ, especially for its value in risk prioritization and communication, and in decision support for tactical issues such as justifying spend or investment in IT modernization, cyber insurance, and M&A. RiskLens clients are already using our cyber risk quantification platform for use cases suggested by Gartner:
- Identifying top risks to the organization
- Facilitating treat-or-accept decisions on risk
- IT tactical decisions, such as cloud vs on-prem
Looking forward, Gartner suggests two areas for cyber risk quantification to advance in – and at RiskLens, we believe we are following through.
- On the data used for analysis, Gartner suggests reducing subjective inputs and irrelevant loss events – the RiskLens data science team scrubs and curates industry data and packages it for easy use by clients via Data Helpers.
- Gartner suggests that risk scenarios to be analyzed should be closely tied to business outcomes – the RiskLens platform’s guided workshop format for data collection and the analysis output focus every analysis on a result in financial terms relevant to the business.
RiskLens endorses these pointers, also found in the Gartner report:
- Invest in a quantification solution if it offers significantly more confidence for decision makers than qualitative judgments. We believe that there’s no contest: quantitative analysis, with its output in ranges of probable outcomes, gives the clearest picture of the problem space.
- Don’t confuse cyber risk quantification in financial terms, as generated by RiskLens, with security ratings services or others that generate a single score or index, which is not a defensible input for decision-making.
Note from Gartner:
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.