Learn more in this RiskLens webinar: Assessing Cyber Risk? Start with Industry Data.
Register now to watch on demand.
Good risk analysis requires good data that’s both reliable and relevant to the organization and specifically for FAIR™ quantitative analysis covers frequency and financial impact of cyber loss events.
But we’ve consistently heard from CISOs and cyber security and risk managers these problems with sourcing and using data:
In fact, there is plenty of good raw material for cyber risk analysis in the data available from public sources, including SEC filings, and collected by private firms such as Advisen or Verizon but it takes expertise to refine it for ready use in risk analytics. The RiskLens data science team has cracked that problem by applying extensive field knowledge (gained from bringing FAIR™ risk quantification to a wide client base) with advanced data analytics to mine actionable insights from a huge trove of data.
The building block of the RiskLens system is the risk (or loss event) scenario. Following FAIR, a risk scenario includes a threat actor impacting an asset by some means resulting in a loss. Example:
“Analyze the risk associated with a malicious privileged insider impacting the confidentiality of the PII contained in the Crown Jewel database via mis-use of their access.”
In FAIR analysis, we quantify the factors (such as probable frequency of attack by an insider, probable costs resulting from a breach of confidentiality) to arrive at a range of probable loss exposure in dollar terms. All that requires gathering reliable, relevant data.
The RiskLens data science team automated the process to create a vast library of over nine million scenarios covering a huge range of data inputs and outcomes and sorted by industry. The scenarios are fine-tuned to account for differences across industries; for example, healthcare organizations are twice as likely to suffer a data breach due to a malicious insider compared to financial organizations. Scenarios can also be customized based on geographic location, company revenue size, data type, threat actors and more.
More speed, better accuracy for risk analysis and benchmarking against industry norms for risk management – RiskLens is delivering these values through two product innovations:
Coming soon: Look for more product innovation from RiskLens to provide a fast and easy way to benchmark cyber risk against industry peers.
Watch the webinar: Assessing Cyber Risk? Start with Industry Data.