Proven Use Cases to Start Quantitative Cyber Risk Management

January 27, 2021  Joe Vinck

With the growing interest in Factor Analysis of Information Risk (FAIR™), we hear a lot from people who have read about FAIR or even taken FAIR training and are really excited about the potential power of cyber risk quantification for risk management - but have come away with the impression that to actually bring a quantitative risk management program to life in their organization would be...



…a slow, evolutionary process.

Well, it is a process of upward evolution from qualitative, opinion-driven, red-yellow-green risk analysis to critical thinking about risk in financial terms. And yes, bringing your entire organization to a common way of thinking about risk as loss events instead of vague worries like “the cloud” is a great step forward.

Joe Vinck is a Strategic Account Executive for RiskLens
But you can jump right into FAIR risk analysis, and derive almost immediate value by focusing on a specific use case and pain point. You can then bring your organization around later when you show them the value in improved insight into risk.


Options to Start Quantitative Cyber Risk Management

We’ve seen new RiskLens clients get up to speed quickly (and persuade their organizations of the value of cyber risk quantification) with the various use cases below, divided into three categories critical to any organization:



Strategic Decisions

Focus on a short list of top risks of concern to the board or senior management. Use cases might include:

Semi-annual Top Risks Reporting

Tracking the scenarios covering existential risks to the organization, and comparing to risk appetite.

Annual CISO Budget

Proving risk reduction and ROI

Annual Insurance/Capital Reserves Review

Assessing insurance and reserves against probable impact from top risks.

RiskLens Product: Rapid Risk Assessment  


Operational Decisions

Emphasis on risks across platforms, business units, asset classes and other categories, to support decision-making with comparative and cost-benefit analysis on digital initiatives, enterprise architecture, regulatory compliance, etc. Use cases might include:

Decision Support for Projects

Moving apps to the cloud/keeping on premise Removing/reducing controls Insourcing/outsourcing SOC

Asset Management

Assess risk of ERP defined projects ID and analyze supply chain risk

RiskLens Products: Rapid Risk Assessment, Detailed Top Risk Assessment  


Tactical Decisions

Prioritizing work and resources on everyday issues,

Routine Policy Exceptions/Risk Accepts

Quantify risk scenarios for full understanding

Routine Threat and Vulnerability Analysis

For SOC issues or other ad hoc situations

Regulatory Response

Answering SEC, NYDFS, CCPA, OSFI, SBS Defending audit findings

Routine Third Party Assessment

Know your vendor C-I-A risk

RiskLens Products: Rapid Risk Assessment, Detailed Top Risk Assessment, Risk Treatment Analysis  


Setting Your Plan

Pick one use case to get started – make it high value in terms of immediate pain reduction for the organization. With a customized proof of value engagement, RiskLens can help you select your first use case, and guide you through the analysis process, so you receive a good look at our platform and working with Factor Analysis of Information Risk, while quickly getting value back in the process. And prior to every full-scale acquisition of the RiskLens platform, together with the client, we develop a charter document that clarifies the issues, timelines and goals for the program.

For a complete view of the capabilities of the RiskLens platform and services, see the RiskLens/FAIR Enterprise Model Guide on a Page

Learn More..

Starting a FAIR program:

Video Interview: Launching a FAIR Risk Management Program at Werner Trucking

Webinar: Launching a FAIR-Based Cyber Risk Management Program at Netflix

How to Write a Charter for a Cyber Risk Management Project

Socializing a FAIR program in an organization:

‘Soft Skills’ for a Successful FAIR Program Launch

Webinar: Overcome Challenges in Adopting FAIR™ and Quantitative Risk Management

How to Describe to Your CEO the Benefits of RiskLens, FAIR and Cyber Risk Quantification in 3 Minutes

What to do first?

Webinar: Identify Top Risks - See RiskLens Rapid Risk Assessment in Action