We are frequently asked about what differentiates RiskLens from alternative approaches to assessing cyber risk. The following comparisons should help to clarify the important differences.
Organizations use a variety of solutions to measure their cybersecurity risk:
Qualitative assessments
- These solutions offered by GRC tools or large consulting companies allow users to score risk using ordinal scales (1-5 or 1-10), "t-shirt sizing" (high, medium, low) or color codes (red, yellow, green). While these qualitative assessments are helpful in distinguishing between high and low risks, they do not enable effective decision-making regarding how much to invest in security, how to prioritize risk mitigations or how much cyber insurance to buy. Ordinal measurements also rarely, if ever, support a clear articulation of confidence or provide the means to express the continuum of exposure – i.e., the continuum between "best case" and "worst case".
Quantitative, in-house spreadsheet-based solutions
- Some organizations attempt to build in-house solutions based on a combination of spreadsheets, customized risk models and some mathematical simulation tool. Very quickly, they realize that while the initial prototype allowed for a certain quantification of individual risk scenarios, as soon as they try to aggregate risk, the whole construct falls down. When it does collapse, the construct reveals the impact of unforeseen design flaws, risk model limitations and difficult-to-tame mathematical algorithms. That's where they start wondering if building custom risk management applications is the business they should be in.
Ad hoc consulting-based quantification solutions
- Other organizations try to leverage solutions from consulting companies that are trying to market their risk quantification solutions like software applications; only to discover later on that their risk assessment process was created ad hoc and that the scalability and maintenance of their implementation is doubtful. In addition, customers have to put their trust in proprietary risk models whose underpinnings are not clearly documented, openly shared and subject to market scrutiny and validation.
Purpose-built cyber risk management platforms
- RiskLens has overcome the limitations mentioned above by building a next-generation platform designed to assess cyber risk holistically, based on a recognized international risk standard (FAIR). The RiskLens platform is not only capable of supporting user-driven, enterprise-level risk quantification analyses, but also of measuring an organization's capacity to manage risk over time. This helps organizations assess both cause (risk management capabilities) and effect (quantification of risk).
What else sets RiskLens apart? The following table summarized the main differentiating points that explain why RiskLens is becoming the de facto standard solution for assessing risk in quantifiable terms.
| What Sets RiskLens Apart? | Why Does It matter? | |
|---|---|---|
| Purpose-built platform |
|
|
| Modular applications |
|
|
| Domain Expertise |
|
|