What We Heard from Cybersecurity and Risk Teams While Developing My Cyber Risk Benchmark

March 23, 2022  James Graham

Benchmark - What We Heard from Cybersecurity and Risk TeamsAt RiskLens, our mission is to help organizations understand and communicate their cyber risk in dollars and cents, and My Cyber Risk Benchmark has already accomplished that goal for hundreds of organizations. 

But being risk experts, as we developed this revolutionary new tool, we understood the need to test and preview with a wide range of organizations that gave us invaluable feedback.

Here are just a few of the things people told us when we showed them My Cyber Risk Benchmark: 

It’s a fast way to high-level insights into cyber risk

Our early-access participants told us they were impressed with how quickly My Cyber Risk Benchmark was able to deliver quantified results for their industry.  Organizations that had very little experience with cyber risk quantification (CRQ) noted that the tool challenged their assumptions that quantification was a laborious process requiring vast amounts of resources.  And even organizations with thriving FAIR™ (Factor Analysis of Information Risk) CRQ programs mentioned being impressed with how fast the tool delivers results. 

Get a free cyber risk report for your industry now.

It’s easy to use, regardless of CRQ maturity

We talked to organizations at all stages of the CRQ journey, and almost everyone we talked to told us that My Cyber Risk Benchmark was easy to configure, consume and contextualize.  We designed the tool to provide as much valuable information as possible without placing a burden on the user to understand every nuance of the quantification engine under the hood. Many told us the graphs that accompany the quantified results were very accessible, and that the supplemental documentation available within the tool answered many of their questions, including how to understand and explain the calculations.

It provides valuable information for a range of organizations

Benchmark - Insider MisuseOn particularly interesting point of feedback came from organizations that had business lines in multiple industries.  These folks told us that My Cyber Risk Benchmark was the first CRQ tool they had seen that helped them quickly and easily understand the high-level areas of risk for their multiple business lines, all packed into a single place. Others were impressed that we had ready-made data points for less-obvious but risk-minded industries like manufacturing. 

It's a great way to introduce CRQ

This one came from many of the organizations that were just starting out with CRQ and were looking for powerful ways to show their stakeholders the value of a FAIR-based approach. These organizations generally had very little in the way of dedicated risk management resources and tended to be very focused on preventing and addressing threats and attacks. These organizations told us they would absolutely use My Cyber Risk Benchmark to help demonstrate what CRQ looks like, and that they believed even these high-level statistics around cyber risk would really help them make the case for adoption, and in turn help them accelerate the organization’s journey.