November 8, 2022

Original post is https://modernciso.com/2022/11/08/getting-started-cyber-risk-quantification-and-decisioning/.

Over the last few years, there has been increasing interest by CISOs and business leaders in cybersecurity risk quantification. Many of the CISOs we are working with are keen to connect security risk to the language of business.

In this article, Graeme Payne reviews how cyber risk quantification and decisioning can be used to communicate cyber risk more clearly and accurately to the business, including:

• Pitfalls of the traditional approach to communicating cyber risk

• The shift to cyber risk quantification and decisioning

• Where to start your cyber risk quantification journey

• Why now is the time to start

​

​

The shift to cyber risk quantification

There are multiple approaches and tools available to help CISOs in quantifying cybersecurity risk. Kudelski Security has teamed up with X-Analytics, a leading provider of cybersecurity risk decisioning services. X-Analytics is a patented and validated cyber risk decisioning platform that is changing how executives, boards and the risk management industry understand and manage cyber risk.

​

X-Analytics leverages a combination of firmographic data about the organization and historical cybersecurity incident data to deliver financial metrics that enable better cyber risk decisions.  Key factors addressed in the model include:

• Threat

• Impact

• Inherent risk

• Control effectiveness

• Residual risk

• Loss categories

The model also allows for “what if” simulations to model potential investment returns in evolving the security program.

​

Please visit complete post here.