Webinar: Building a Successful Quantitative Risk Management Program

By Jeff B. Copeland | June 26, 2020


In this webinar, you’ll learn the why and how of setting up a quantitative cyber and IT risk management program from two experienced hands: Teresa Suarez, Senior Manager, Professional Services for RiskLens, who’s advised many Fortune 1000 companies on launching RiskLens FAIR™-based programs, and Risk Consultant Ben Storm, a recent recruit to RiskLens who previously led a FAIR program at a Fortune 500 financial firm.

Teresa explains some of the drivers moving organizations toward quantitative risk management:

  • Digital transformation, accelerated by COVID-19 and recession
  • Cybersecurity budget reductions while cyber attacks rise
  • Increasing regulatory and privacy requirements that demand risk management best practices

All of these expose the inadequacy of traditional, qualitative risk analysis.

As this stack shows, effective risk management starts with an accurate risk model, FAIR, which opens the way for meaningful measurements, effective comparisons among options and decisions made on a cost-benefit basis.

As Teresa explains, fully realizing effective risk management at the enterprise level takes a sophisticated, holistic approach: the RiskLens FAIR Enterprise Model (RF-EM™), which marshals the FAIR model, the RiskLens platform, all the elements of a program (people, process, performance monitoring) and a defined set of outcomes.

But reaching effective risk management generally means changing culture – and that’s where Ben picks up the story, from his experience introducing an enterprise-level FAIR program.

Ben walked through the steps his organization took:

  • A RiskLens Top Risks Workshop and FAIR training to level-set the organization on understanding a new approach to risk management.
  • Doing some initial cost-benefit analyses to quickly justify the decision to onboard RiskLens.
  • Broad buy-in from the organization and ultimately culture change. Because of the inclusive nature of the RiskLens process – data input to the analyses comes from subject matter experts across the organization – “everyone has ownership of the analyses.” Because the data sources are transparent and the output is in financial terms that everyone can understand, the analyses are also defensible.

The final level of success, Ben explains, is trust. “Before we were just risk management professionals. But with the power of the RiskLens platform with FAIR, we have the ability to be financial stewards for our organizations… And once we’re able to do this, it’s up to us to be able to get to a level of proactive risk analysis where the business relies on us to help guide decisions while they are being made, as it pertains to cyber and operational risk.”
