Why quantify cyber risk?

Cyber risk is one of the top concerns for organisations of all sizes

Most companies either do not assess risk or they use inconsistent subjective qualitative approaches

Frameworks for managing risk (ISO, NIST, EBIOS,…) guide activities but do not provide a repeatable, consistent and scalable way of quantifying risk to inform key decisions. 

To ensure the increasing investment in information security controls are allocated to reduce risk in an effective manner, stakeholders across all business functions need to:

  • Understand and communicate about cyber risk in business terms

  • Agree on the organisation’s risk appetite and how to deal with various risks scenarios (tolerate, terminate, treat or transfer)

How to quantify Information Risk?

FAIR (Factor Analysis of Information Risk) is a framework that 

  • defines the variables that compose a risk scenario, beyond the usual probability times impact formula

  • Uses calibrated estimates to associate ranges of values to each of those variables

  • uses Montecarlo probabilistic computation to simulate thousands of scenarios and their possible outcomes

  • Provides a range of probable financial losses for a given Cyber Risk scenario.

The resulting Value at Risk framework helps organisations to make better risk-informed decisions to improve their cyber resilience

What is the FAIR(TM)  Standard?

  • FAIR (TM) (Factor Analysis of Information Risk (TM) ), an Open Group (TM) Standard, is a practical framework for understanding, measuring and analyzing information risk, and ultimately, for enabling well-informed decision making.

  • The use of FAIR (TM) helps prioritize your organization's

investment in Cyber Risk Management by facilitating risk

assessment and quantifying risk in financial terms.

  • It complements existing frameworks like NIST Cyber Security FrameworkISO/IEC 27005, EBIOS

OPenGroup Logo
ISO logo
NIST logo
OPenGroup Logo
ISO logo
NIST logo



Wojo - Cœur Défense - Tour A

110 esplanade du Général de Gaulle

92931 Paris La Défense




+33 (0)1 84 207 005

20190429 - C-Risk Logo.png
  • Blanc Twitter Icon
  • Blanc LinkedIn Icône

Propulsé par Station Spatiale