A risk assessment approach through which Cybersecurity Risk is expressed in economic terms, to give business stakeholders a better understanding. It acts as a bridge between technology and business objectives and can be used to draw up rational and proportional action plans. It provides a method to calculate the return on investment (ROI) of security initiatives.
Cyber Risk Quantification
What is Cyber Risk Quantification?
While Qualitative Risk Analysis provides a consistent input on risk exposure, it is difficult for business decision makers to interpret. Cyber Risk Quantification does not replace the traditional method of Qualitative Risk Analysis but expands on it, providing a risk analysis and decision tool that facilitates the design of appropriate and cost-effective mitigation plans and gives decision makers more meaningful information.
We focus on identifying the Organization’s crown jewels throughout the business value chain and the applicable loss events relevant to the associated industry sector. Next, we map these events to potential cyber threats to create a list of possible Cyber Security Threat scenarios. Each scenario is analyzed in cooperation with the respective Business Owners in order to integrate Cyber Economics appropriately and translate the Cybersecurity Threat Scenario into monetary terms, expressed as economic impact. Finally, we design the respective mitigation plans, calculating the ROI through a cost-effective approach, proportionate to the quantified risk and to the Organization’s P&L.
What is Cyber Economics: Measure and optimize financials related to Cybersecurity Risks and investments