Cyber Risk Quantification

A major cybersecurity event can dissolve millions of dollars in assets and tarnish even the strongest company’s reputation. As cybersecurity concerns grow and evolve, companies need to be prepared for the inevitable cyber-attacks with strong defenses to identify breaches and minimize damage. But how does leadership know where to invest in cybersecurity? How much is at risk? What should be prioritized? The answer lies in Cyber Risk Quantification (CRQ).

Cyber risk quantification uses industry leading and highly vetted probabilistic models to more accurately describe the cyber security and technology-based risks facing an organization. Protiviti has been quantifying cyber risk since the beginning. Leveraging Subject Matter Experts (SME), such as business users, asset owners and key technical experts that may not have been previously included in cyber risk assessments; while taking data readily available to these SME’s, we are able to gather data more rapidly and make more accurate measurements for each factor within a given risk.

As a Founding Advisory Partner of the FAIR Institute, and a partner of RiskLens, the leading software as a service based on the FAIR model, the team at Protiviti is comprised of all levels from varying backgrounds, all specializing in quantifying risk. Typical engagements can range from a small scoped engagement, lasting a couple of days, all the way to a full program transformation and even maintenance.

RESOURCES

• Understanding Changes in Resilience Risks from Technology Advancements
  
  Having a process to keep your board well informed about the organization’s level of resilience and how those changes are tracked is critical. Factor Analysis of Information Risk (FAIR), a model created to quantify unknown cybersecurity risks, can be used to measure resilience while simultaneously enabling your organization to derive significant benefits and savings. When your board asks what the organization is doing to enhance its resiliency, overlaying the reduction of resilience risk from planned projects will provide a simple but effective visual response to the query.  
  
  This paper summarizes the importance of using FAIR to understand changes in resilience risks, how the model can be used to calculate loss exposure reduction resulting from the implementation of technologies such as cloud, and to gauge how much capital to hold against operational risk as part the organization’s Comprehensive Capital Analysis and Review (CCAR) and risk-weighted asset calculations. 
• Security & Privacy Playbook
  
  Yesterday’s innovation is today’s status quo, and any business that doesn’t stay ahead of the curve falls behind. But technology is rarely the sole solution to business challenges. Understanding the business process you want to enable, the customer experience you want to create or the critical information you need to protect is a necessary first step in making technology work for you. 
  
  Protiviti leverages emerging technologies and methodologies to innovate, while helping organizations transform and succeed by focusing on business value. 
• Measuring CRQ – Eliminating the Guesswork
  
  Cyber risk is best evaluated through a probabilistic, quantifiable approach like FAIR, which allows organizations to understand potential financial outcomes from rigorously evaluated loss event scenarios. Understanding the point at which a loss event will exceed the organization’s risk threshold or capacity to sustain those losses would put decision-makers in a better position to make well-informed decisions and make more impactful investments to mitigate cyber risk.
• Moving Beyond the Heat Map: Making Better Decisions with Cyber Risk Quantification
  
  A major cybersecurity event can dissolve millions of dollars in assets and tarnish even the strongest company's reputation. As cybersecurity concerns grow and evolve, companies need to be prepared for the inevitable cyber attacks with strong defenses to identify breaches and minimize damage. But how does leadership know where to invest in cybersecurity? How much is at risk? What should be prioritized?
• The Guide to Business Continuity and Resilience
  
  In the current environment, in which businesses of all sizes and types are being tested in unprecedented ways by the COVID-19 pandemic, business continuity and resilience has become a critical discussion in boardrooms and C-suites around the world. The pandemic’s widespread impact has forced organizations to revisit business continuity planning (BCP) and how to embed BCP practices in day-to-day operations. Operational resilience has taken on new urgency, as the expectations of business leaders to lead resilience efforts, not by assumptions, but with meaningful and substantiated data, intensifies. To help organizations prepare and plan for disruptive events, Protiviti examines critical and pressing concepts about business continuity management and related practices in our Business Continuity & Resilience Resource Guide.
• Using FAIR to Understand Change in Resilience Risk 
  
  How resilient is your organization? How can you track your organization’s change in resilience? As policies and technologies change with time, organizations need to adopt effective methods to quantify the degree of downtime that will cause irreparable harm to their business.
  
  This webinar is a step-by-step walk-through from the primary authors of Protiviti’s latest thought leadership piece, Understanding Changes in Resilience Risks From Technology Advancements. Listen to the on-demand recording here.
• Tech Insights Webinar Series
  
  Join Protiviti’s new Tech Insights Webinar Series to learn about the technology trends that will shape your organization’s future.
  
  This series brings together our top tech experts who will deep dive into technologies that enhance your business. From cybersecurity to the cloud, we break it down for you and provide actionable insights for success.