The pandemic, an economic downturn, a rapid shift towards working from home, digital transformations accelerating, a re-arranged risk landscape – 2020 taught us that fast, adaptive decision-making requires clear insight into risks, with results that can be easily communicated across an organization.
As that lesson spread in 2020, at RiskLens we began to see significant market movement to Factor Analysis of Information Risk (FAIR™). FAIR supports informed decision-making by analyzing and communicating cyber loss exposure in the financial terms that everyone understands. “The pandemic accelerated the maturation of the market,” RiskLens CEO Nick Sanna says, “forcing companies to think about what they need to do in transforming their businesses and what are the top risks in the process. At the same time, budget constraints forced them to focus more on achieving better ROI for risk reduction from security investments. It’s been a significant evolution in terms of conversations with customers and prospects.”
New Products Introduced in 2020 Extended Our Capabilities
RiskLens announced a series of new, breakthrough products that significantly extended the capabilities of our platform and service offerings to better justify, prioritize and manage the cybersecurity investment decisions and risks that accompany digital growth and transformation.
- The RiskLens FAIR Enterprise Model™, a comprehensive roadmap for scaling a quantitative risk management program that creates flexibility to adopt FAIR and build programs, supporting companies at various levels of maturity and different types of business needs.
- Rapid Risk Assessment, a new capability on the platform that enables analysts to generate in minutes a ranked list of risks (typically 20-40) by probable loss exposure in dollars, for a clear picture of the organization’s top risks and risk landscape, making cyber risk quantification faster and easier than ever before.
- Risk Treatment Analysis, also new on the platform, with which analysts can now model the effect of different controls for reducing loss exposure on top risks, then compare those results against the cost of controls for true cost/benefit analysis.
New Partnerships in 2020 Extended Our Reach
We signed a series of partnerships that will bring the RiskLens platform and processes to a vastly wider market, as covered in these blog posts:
Growing Recognition for FAIR from Risk Management Authorities
FAIR gained higher visibility in 2020, as a series of risk management authorities and standards recommended quantification and FAIR by name.
- The National Institute of Standards and Technology (NIST) recommended risk quantification and FAIR in a new standard for integrating cybersecurity with enterprise risk management (NISTIR 8286).
- COSO issued its first guidance document on applying the widely used COSO Enterprise Risk Management Framework to cyber risk management and recommended the use of FAIR.
- The National Association of Corporate Directors (NACD) Cyber Risk Oversight Handbook also endorsed the use of quantitative risk models including FAIR.
- The FAIR Institute and HITRUST launched an effort to integrate FAIR with the HITRUST CSF, the cybersecurity controls framework in use at hundreds of thousands of organizations.
Recognition for RiskLens as a Market Leader in 2020
RiskLens was named to Deloitte’s 2020 North America Technology Fast 500™ for the second consecutive year and Business Insider named RiskLens CEO Nick Sanna one of 50 “People Who Led Cybersecurity through What May Have Been Its Most Important Year Ever.”
Coming in 2021…
Building on the momentum and innovation of 2020, expect to see more product and market breakthroughs – including some very significant advances in risk analytics for cybersecurity controls.