Security Jan 30, 2023

Why the time is now for cyber risk quantification and management

By Lee Stephens, Head of security advisory services, UK

Most businesses deploy over 130 security tools to detect and contain the most crucial threats.

Yet despite all of these investments, in 93% of cases an external attacker can still breach an organisation's network perimeter and gain access to local network resources in less than two days.

A recent report from ThoughtLab also found that, when asked, 29% of CEOs and CISOs and 40% of chief security officers admit their organisations are unprepared for today’s rapidly changing threat landscape.

Growing pressure to evolve security measures

With increasingly sophisticated cyber threats, there are now widespread calls for reform and increasing regulatory pressure on global organisations to improve their cyber resilience.

The US Securities and Exchange Commission (SEC) has recently amended its legislation to enforce tougher reviews of cyber risk management from the boardroom. In particular, it highlights the importance of board members having access to an accurate, real-time understanding of cyber risk posture. And, following these measures, the European Union is also set to introduce the Digital Operational Resilience Act (DORA), which focusses on imposing greater internal security processes and resilience measures within global organisations.

What will boardrooms need?

As these recommendations become compulsory, organisations will need to show they have a proactive approach to security and will be expected to prove the effectiveness of the steps they’re taking. To do this successfully, business leaders and board members will need to have:

  • better measurement of their company’s risk posture
  • data-driven and real-time reporting of security threats
  • proven ways to minimise data breach costs
  • cost-based cyber risk conversations within a solid business context
  • real-time compliance status updates.

A refreshing, new approach

For these reasons, leading industry experts are now pointing towards the potential value that Cyber Risk Quantification (CRQ) could offer organisations. It’s a methodology designed to objectively measure enterprise-wide cyber risk and calculate the financial impact of a breach to operations. In fact, a recent study from Gartner found that 70% of Security Risk Management leaders are now planning to adopt a CRQ solution in the next two years.

By applying this method, organisations can gain a better understanding of the risks and security gaps across their estate. Then, with access to reliable figures, they can have data-driven and impact-oriented boardroom discussions around these security risks and how they should address them. The latest ‘Cost of a Data Breach’ Report from IBM and the Ponemon Institute even suggested that using risk quantification methods can reduce the cost of a potential data breach by 48%.

Quantify your risk

We’ve partnered with SAFE Security to deliver their Cyber Risk Quantification Management platform to our customers. Using this AI-based platform, we can work with you to monitor your cyber risk posture reliably and consistently across your entire estate. It will assess the configuration and risk coming from your users and infrastructure to build a real-time view of your risks and then deliver a set of actionable insights. This then enables efficient cyber security communication, investment and risk sharing.

A risk score is calculated using real-time data signals from across your organisation and external threat intelligence. This provides a consistently accurate and predictive measurement of your financial risk, at any time. The solution has even been awarded the best Risk Management Product by the 2022 CISO Choice Awards.

To find out more about how we could help your organisation navigate the journey towards effective and real-time Cyber Risk Quantification, please read our datasheet.