SUBSCRIBE TO THE BLOG
Stay up-to-date with the latest insights and blog posts from RiskLens.
SEARCH THE BLOG
Some 300 participants joined RiskLens Marketing VP Steve Ward for as concise and complete an introduction to cyber risk quantification, the FAIR model, and the RiskLens platform as you’ll find in under an hour. We’ve archived the webinar so you can see it now (registration required).
In “Align Security to Your Business – Quantify Cyber Risk”, Steve covers these key points:
A quantified approach to cyber (and technology and operational) risk is the direction that the industry is moving in. The driver: “People are recognizing that cyber risk is one of the biggest risks that the business faces.”
That’s leading to an “expectation change” for CISOs. But the conventional cyber risk measurement toolkit – highly subjective and qualitative methods like heat maps – can’t answer the basic, pressing questions from the organization about cyber risk, like “What’s the ROI for cybersecurity investments?” Nor can they satisfy the increasing demands from regulators like the SEC for more transparency on financial risk from cyber.
The FAIR model gives a conceptual foundation for organizations to move forward from here. “FAIR helps us gain a solid understanding of how we scope out a risk, how we define it, and then how we can move forward with assessing it,” Steve says. It starts with FAIR’s simple – and clarifying – focus on risk only as a “loss event” (and not the many other perceived risks that often populate risk registers, such as “the cloud” or “cyber criminals”).
FAIR is increasingly recognized as the de facto standard for cyber risk quantification. The National Institute of Standards and Technology is in the process of incorporating FAIR to its NIST CSF, the most-used cybersecurity framework in the US. The influential tech consultancy Gartner recently recommended combining FAIR with Integrated Risk Management (IRM) as part of the evolution to “digital transformation.” And close to 7,000 risk and security professionals have now joined the FAIR Institute.
The RiskLens platform, purpose built on FAIR, “helps FAIR scale to the enterprise” by integrating the model near real-time to an organization’s security system feeds. But it’s more than a piece of software. The RiskLens team also sets up a program for customers so they are able to be a fully functioning, quantification-powered risk management shop in under six months. “We have the most expertise in the market with actually building quantitative risk programs,” Steve adds.
Learn more – Watch the webinar “ Align Security to Your Business – Quantify Cyber Risk” now. Registration required.