The influential Director’s Handbook on Cyber-Risk Oversight, recently released by the National Association of Corporate Directors (NACD), sets its first principle as “Directors need to understand and approach cybersecurity as a strategic, enterprise risk, not just an IT risk.”
Executive Board Reporting, a new service from RiskLens, provides customized quarterly cyber risk reports in non-technical, business-friendly formats with financial metrics suitable for presentation to the board, executive leadership, and other critical stakeholders. These reports include top-risk and aggregate-risk reports, measurable risk appetite statements, key cost-benefit analyses, and other quantitative cyber risk analysis.
1. Risk quantification based on an open, trusted, and defensible standard: FAIR™
RiskLens bases its cyber risk analysis work on FAIR (Factor Analysis of Information Risk), the only open and independently validated standard for cyber risk quantification (CRQ) in financial terms, recognized by the NIST Cybersecurity Framework and other authorities. In a marketplace crowded with "black box" solutions for cyber risk analysis, RiskLens provides a defensible answer to the inevitable question from the board: "Where did you get the numbers?"
2. Aligned with NACD and other guidelines for boards on cyber risk oversight and governance
The NACD Directors Handbook on Cyber-Risk Oversight and the World Economic Forum (WEF) Principles for Board Governance of Cyber Risk both recommend boards demand reporting on cyber risk in business-friendly, non-technical terms. The WEF says, “Instruct management to establish a consistent framework, using industry-accepted risk quantification models, for calculating the potential economic impact and likelihood of cybersecurity scenarios” – essentially an endorsement of the quantitative, scenario-based methods of FAIR.
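As an added illustration of the scenario-based, quantitative FAIR approach referenced above (example code written for this page, not RiskLens's platform code or material from the Open FAIR standard), the Python below runs a Monte Carlo simulation over calibrated min / most-likely / max estimates for the core FAIR factors, produces points on a loss exceedance curve, aggregates two scenarios year by year, and tests a measurable risk appetite statement of the kind a board report would carry. The factor decomposition (Loss Event Frequency = Threat Event Frequency x Vulnerability; annualized loss = Loss Magnitude summed over the loss events in a year) is the standard FAIR taxonomy; the scenario names and every numeric estimate are constructed placeholders, not benchmark data.

```python
# Added illustration of FAIR-style cyber risk quantification (not RiskLens code).
# FAIR factor model (standard Open FAIR taxonomy):
#   Loss Event Frequency (LEF) = Threat Event Frequency (TEF) x Vulnerability
#   Annualized loss            = sum of Loss Magnitude (LM) over loss events in a year
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Pert:
    """Calibrated min / most-likely / max estimate, sampled as a PERT distribution."""
    low: float
    mode: float
    high: float
    lam: float = 4.0  # standard PERT shape parameter

    def __post_init__(self):
        if not self.low <= self.mode <= self.high:
            raise ValueError("expected low <= mode <= high")

    def sample(self, rng):
        if self.high == self.low:
            return self.low
        span = self.high - self.low
        a = 1 + self.lam * (self.mode - self.low) / span
        b = 1 + self.lam * (self.high - self.mode) / span
        return self.low + span * rng.betavariate(a, b)


@dataclass(frozen=True)
class Scenario:
    name: str
    tef: Pert             # threat events per year
    vulnerability: Pert   # probability a threat event becomes a loss event (0..1)
    loss_magnitude: Pert  # loss per loss event, in currency units


def point_estimate_ale(tef, vulnerability, loss_magnitude):
    """Single-point FAIR arithmetic: ALE = (TEF x Vulnerability) x LM."""
    return tef * vulnerability * loss_magnitude


def poisson(lam, rng):
    """Knuth's algorithm: number of loss events in a year given mean rate lam."""
    threshold = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= threshold:
            return k
        k += 1


def simulate(scenario, years=10000, seed=1):
    """Monte Carlo: one simulated annual loss per year, returned as a list."""
    rng = random.Random(seed)
    losses = []
    for _ in range(years):
        lef = scenario.tef.sample(rng) * scenario.vulnerability.sample(rng)
        events = poisson(lef, rng)
        losses.append(sum(scenario.loss_magnitude.sample(rng) for _ in range(events)))
    return losses


def aggregate(*loss_series):
    """Aggregate risk: add the scenarios' simulated losses year by year."""
    return [sum(year) for year in zip(*loss_series)]


def summarize(losses):
    """ALE (mean annual loss) plus percentiles of the simulated distribution."""
    s = sorted(losses)
    n = len(s)
    pct = lambda p: s[min(n - 1, int(p * n))]
    return {"ale": sum(s) / n, "p50": pct(0.5), "p90": pct(0.9), "p95": pct(0.95), "max": s[-1]}


def exceedance_probability(losses, threshold):
    """One point on the loss exceedance curve: P(annual loss >= threshold)."""
    return sum(1 for x in losses if x >= threshold) / len(losses)


def within_appetite(losses, threshold, max_probability):
    """Measurable risk appetite: P(annual loss >= threshold) must not exceed max_probability."""
    return exceedance_probability(losses, threshold) <= max_probability


# Constructed, hypothetical calibrated estimates for two scenarios (not benchmark data).
RANSOMWARE = Scenario("Ransomware on file servers", Pert(0.5, 2, 6), Pert(0.05, 0.2, 0.5),
                      Pert(50_000, 400_000, 5_000_000))
INSIDER = Scenario("Insider data theft", Pert(0.1, 0.5, 2), Pert(0.3, 0.6, 0.9),
                   Pert(20_000, 150_000, 2_000_000))

if __name__ == "__main__":
    per_scenario = {s.name: simulate(s, seed=2024) for s in (RANSOMWARE, INSIDER)}
    for name, losses in per_scenario.items():
        print(name, {k: round(v) for k, v in summarize(losses).items()})
    total = aggregate(*per_scenario.values())
    print("aggregate", {k: round(v) for k, v in summarize(total).items()})
    # Hypothetical appetite statement: at most a 10% chance of losing >= 2,000,000 in a year.
    print("within appetite:", within_appetite(total, 2_000_000, 0.10))
```

The percentiles and the exceedance probabilities are what a board-facing report turns into "there is a 1-in-10 chance of losing more than X this year" statements; the appetite check is the same comparison stated as a pass/fail against a threshold the board has approved. The PERT distribution is used here because it is the common way to turn a calibrated min / most-likely / max estimate into a sampling distribution; a practitioner using a different distribution would swap only `Pert.sample`.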
3. Grounded in industry benchmark data on cyber risk
The RiskLens data science team maintains the industry's most comprehensive set of cyber risk benchmark data to support the RiskLens quantitative risk analytics platform. CISOs can see the credibility of RiskLens data science for themselves with our My Cyber Risk Benchmark tool and the RiskLens Annual Cybersecurity Risk Report.
Cyber risk quantification offers the most effective way to create a common language between technical and business decision makers. For more than a decade, RiskLens has served hundreds of organizations across industries and sizes, with a wide range of CRQ priorities and reporting needs. Contact us to learn how the Executive Board Reporting service can bring the benefits of CRQ to your organization.