MUMBAI, INDIA: RSA has come up with the RSA Archer Cyber Risk Quantification use case that helps business users quantify their organizations’ financial risk exposure to cybersecurity events. The quantification of cyber risk will empower CISOs to better communicate the impact in financial terms at the Board and senior management levels of an organization.
Prioritizing and rationalizing investments to improve an organization’s security posture, or deciding to transfer risk, is becoming a significant challenge for CISOs today. Cybercrime damages, such as loss of data, theft of IP and fraud, will cost companies $6 trillion annually by 2021.
“Under the threat of high-profile cyber attacks and data breaches, executives and corporate Boards are starting to ask more informed questions about their organizations’ risk exposure,” said David Walter, Vice President, RSA Archer. “RSA Archer Cyber Risk Quantification gives security teams the tool they need to quantify and communicate their cyber needs in a language that business leaders can easily understand. This helps clarify priorities for security investments, and also helps with planning for risk transfer methods such as cybersecurity insurance.”
Many organizations’ current cyber risk management processes are manual, leading to disconnected efforts, ineffective controls, or piles of data with little actionable value. Armed with a holistic understanding of their organizations’ cyber risk, IT risk and security teams can calculate and demonstrate the value of cybersecurity initiatives for senior management. With RSA Archer Cyber Risk Quantification, users can more easily assess the efficacy of their existing cyber risk programs and prioritize top risk reduction opportunities, including identifying the areas of loss for which to consider cyber insurance.
Through a partnership with RiskLens, RSA Archer Cyber Risk Quantification provides built-in risk calibration and analysis engine for cyber risk calculation, templatized workflow for easy scenario modeling, on-demand risk analytics, mathematical simulations to build risk profile with limited data, existing loss tables based on industry data, etc.