Quantifying Cyber Risk: Why You Must & Where to Start

Quantifying cybersecurity risks can be a critical step in understanding those risks and getting executive support to address them.

Risk. According to Merriam-Webster, the word has several meanings. First is "possibility of loss or injury: PERIL." A little down the list comes, "the chance of loss or the perils to the subject matter of an insurance contract, also: the degree of probability of such loss." Now, from a business perspective, we're getting somewhere.


The cybersecurity world is accustomed to talking about risk in colorful terms. "Code red," "condition yellow," and the like have long been used to discuss the immediate risk environment. But as cybersecurity has become an issue for business executives as much as technology managers, the language has changed and risk has shifted to a quantitative conversation.


A sign of maturity


Brian Riley, senior director of global cyber risk management at Liberty Mutual, says, "Putting numbers or metrics around risk allows you to have a different level of conversation about what that means." He explains that the differences not only allow the conversations to take place with different business groups, but are indicative of a growing maturity in the field of cyber risk.


One sign of cybersecurity maturity is adoption of a common language and analytical framework to describe risk in terms other lines of business understand.


There are a number of organizations that have developed ..
