Why quantify cyber risk?

Icon security

Cyber risk is now one of the top concerns for organisations of all size.

Icon statistics

Today, most companies do not assess risk or they do using subjective qualitative methods.

Icon globe

Frameworks for managing risk (ISO, NIST, EBIOS,…) guide activities but do not provide a repeatable, consistent and scalable way of quantifying risk to inform key decisions. 

Icon key

To ensure the increasing investment in information security controls are allocated to reduce risk in an effective manner, stakeholders across all business functions need to:

  • Understand and communicate about cyber risk in business terms
  • Agree on the organisation’s risk appetite and how to deal with various risks scenarios (tolerate, terminate, treat or transfer)

How to quantify Information Risk?

FAIR ™ (Factor Analysis of Information Risk)

The resulting Value at Risk framework helps organisations to make better risk-informed decisions to improve their cyber resilience

  • Defines the variables that compose a risk scenario, beyond the usual probability times impact formula
  • Uses calibrated estimates to associate ranges of values to each of those variables
  • Uses Montecarlo probabilistic computation to simulate thousands of scenarios and their possible outcomes
  • Provides a range of probable financial losses for a given Cyber Risk scenario.

What is the FAIR(™) Standard  ?

  • FAIR (™) (Factor Analysis of Information Risk (™) ), an Open Group (™) Standard, is a practical framework for understanding, measuring and analyzing information risk, and ultimately, for enabling well-informed decision making.
  • The use of FAIR (™) helps prioritize your organization's investment in Cyber Risk Management by facilitating risk assessment and quantifying risk in financial terms.
  • It complements existing frameworks like NIST Cyber Security FrameworkISO/IEC 27005, EBIOS
ISO 31000 risk mgt process

By continuing to browse this site, you accept our CGU as well as our Privacy Policy