In today’s connected world fueled by the digital transformation, the more digital the business, the more the differentiation between cyber risk and business risk disappears. As part of their fiduciary responsibility toward shareholders and customers, boards and executives are expected to incorporate cyber risk management as part of their business strategy. This adds considerable challenges to already overwhelmed IT risk and security teams in translating technical risks into business terms – namely financial impacts. A key element to address these challenges is bridging the ‘gap of grief’ – translating IT and security risk into business terms. For IT and security teams to adequately communicate security threats to the business, the business must understand the risk in the context of the business. Most often, cybersecurity is treated as a technical concern, and important business questions such as "are we doing enough?" and "are we spending too much or too little?" get unsatisfactory responses, if any.
I am pleased to announce the latest addition to the RSA Archer suite of use cases: RSA Archer® Cyber Risk Quantification. The RSA Archer Cyber Risk Quantification use case is designed to quantify an organization’s financial risk exposure to cybersecurity events. This new use case helps CISOs prioritize risk mitigation efforts based on business and financial impact and communicate the impact of cyber risk in financial terms to the board and senior management. Armed with this financial data, organizations can make more informed decisions regarding their risk and security investments or cyber insurance coverage.
RSA Archer Cyber Risk Quantification utilizes a purpose-built platform that leverages the Factor Analysis of Information Risk (FAIR) methodology, a well-known standard for quantitative risk assessment for IT and cybersecurity risk management. This new use case under the RSA Archer IT & Security Risk Management solution area provides a set of modular approaches to help organizations get started quickly, including mathematical simulations to build a risk profile with limited data. RSA Archer Cyber Risk Quantification utilizes a built-in risk calibration and analysis engine to “do the math” and a user interface and workflow to provide a user-friendly process for risk data collection and quantification. On-demand risk analytics provide answers to questions on the fly, eliminating the need to create time-consuming and outdated reports.
RSA Archer Cyber Risk Quantification, delivered through a strategic partnership with RiskLens, enables businesses to quantify and communicate their cyber risk in the common business language of monetary terms. Armed with the understanding of cyber risk in financial terms, the business can calculate and demonstrate the value of cybersecurity initiatives.