“Cyber risk has reached the point of such material impact on the company’s bottom line and financial stability that CFOs must bring some of the rigor of running a firm’s finances to cybersecurity initiatives,” writer Jennifer Zaino explains.
Jack adds that CISOs need to meet that need by showing how IT infrastructure connects to critical business processes, such as reconciliation and underwriting, so CFOs can make informed decisions on security investments. The FAIR™ model (the risk analysis process that’s operationalized on the RiskLens platform) “lets us think about risk in terms of the range of loss,” Jack said. FAIR cyber risk quantification lets CISOs “hook into the accountancy function.”
The article quotes Steve Livingston, cyber principal for Deloitte Risk and Financial Advisory, saying that, with cyber risk quantification software, organizations can create “cybersecurity balance sheets” so a CISO and CFO can sit down “with one page and say, ‘Here are the lines of business and here are the most risky items,’” and target security investments accordingly.