Financial Management Magazine, the publication of the Association of International Certified Professional Accountants (AICPA), interviewed RiskLens Risk Science Director Jack Freund, PhD, for the article “Integrating Finance and Cybersecurity,” in which he makes some key points on the necessity of quantifying cyber risk in financial terms.
“Cyber risk has reached the point of such material impact on the company’s bottom line and financial stability that CFOs must bring some of the rigor of running a firm’s finances to cybersecurity initiatives,” writer Jennifer Zaino explains.
Jack adds that CISOs need to meet that need by showing how IT infrastructure connects to critical business processes, such as reconciliation and underwriting, so CFOs can make informed decisions on security investments. The FAIR™ model (the risk analysis process that’s operationalized on the RiskLens platform) “lets us think about risk in terms of the range of loss,” Jack said. FAIR cyber risk quantification lets CISOs “hook into the accountancy function.”
The article quotes Steve Livingston, cyber principal for Deloitte Risk and Financial Advisory, saying that, with cyber risk quantification software, organizations can create “cybersecurity balance sheets” so a CISO and CFO can sit down “with one page and say, ‘Here are the lines of business and here are the most risky items,’” and target security investments accordingly.