What is cyber risk quantification, and why is it important? (Security News, March 2021)
Verton goes on to mention something even more troubling, "Half of the respondents reported they have a lack of confidence in their ability to communicate and report the financial impacts of cyber risks, with a quarter saying they do not have a cyber risk quantification technology deployed at their company."
Mark Tattersall, vice president of product management at LogicGate, in his blog The Business Case for Risk Quantification, does an excellent job of defining cyber risk quantification.
"For many years projects have been prioritized based on qualitative assessments of likelihood and numerically weighted scales, whereas risk quantification supports more rigorous decision-making by quantifying the potential financial loss to your business due to a risk scenario," wrote Tattersall.
The FAIR Institute website states that its platform provides a model for understanding, analyzing and quantifying cyber risk and operational risk in financial terms.
The FAIR model is being integrated into established enterprise risk management and cybersecurity frameworks such as NIST, COSO and HITRUST.

The benefits of cyber risk quantification
Tattersall mentioned, "Risk quantification empowers CISOs and CROs to be more strategic in their risk decision-making by integrating the financial impact of risk management, mitigation, and control and allowing you to make a strong business case when you present to the board."