Blog Post
April 6, 2021
With cybercrime said to have cost the global economy $1 trillion[1], understanding the financial impact of cyber risk has become even more critical for C-level decision makers and Boards of Directors.
With Financial Quantification for Enterprise Cyber Risk (FQ-ECR), Kovrr, in partnership with BitSight, enables business decision makers to understand and financially quantify the changing profile of their cyber risk exposure.
FQ-ECR delivers a seamless way to financially quantify cyber risk in dollar terms, enabling more robust cyber risk management decisions that ensure business resilience.
The $88 trillion global economy in the 21st century is powered by companies that are becoming more and more reliant on technological infrastructures and third-party service providers. The magnitude of this transformation is evidenced by research showing that while only 10 years ago one in four companies relied on the internet for their business operations, today the number is 100%[2].
Companies today are moving faster than ever to technologically transform themselves, with 91% of companies engaged in some kind of digital initiative[3] and 87% of senior business leaders saying digitalization is a priority[4]. These initiatives are being further accelerated by the ongoing pandemic, with 69% of boards of directors accelerating their digital business initiatives due to the COVID-19 disruptions[5].
The obvious advantages that digitalization delivers also come with potential downside risks. It seems every day brings news of another costly cyber event hitting another company.
In recent weeks we’ve seen:
Other notable examples of past cyber incidents include:
It's no wonder that as this phenomenon continues to cascade, 68% of business leaders feel their cybersecurity risks are increasing[12].
One of the key gaps to bridge is providing the data the CISO, the CRO and Board members need to justify cyber-related investments and to decide on budgets and risk transfer programs for the business.
To do so, all key stakeholders need some level of understanding of the potential frequency and severity of cyber events and how they might affect their business.
Given that board directors now rate cybersecurity as the second-highest source of risk threatening their enterprise[13], the question remains: what’s obstructing companies from feeling confident that they are adequately prepared to manage their cyber risk exposure?
One reason is that traditionally cyber risk has been presented in technical terms or against a variety of compliance frameworks. This has made it challenging for the CISO and their team to communicate with others such as the CRO, CFO, C-Suite and Board.
Cyber threats are constantly changing, with hundreds of thousands of events occurring on a daily basis. Furthermore, companies themselves are continuously changing, adding new tools, technologies, clients and partners.
Efficiently monitoring and delivering regular and consistent updates on a company’s cyber risk exposure as it changes over time can be taxing, resource heavy and expensive. This is especially true if extensive data gathering is required across multiple entities, management levels and stakeholders.
Today, cyber risk goes beyond potential cyber attacks. Protecting a company's ability to operate without interruption or damage also means being able to assess the risks that can manifest when one or more of its third-party providers fail.
Furthermore, being able to explain and understand which cyber events are likely to affect a specific part of your business through some kind of targeted action, and which events could cause systemic damage across the enterprise and its subsidiaries at a single point in time, helps prioritize risk management investments and decisions.
FQ-ECR seeks to overcome these challenges by analyzing and calculating the financial cyber risk to create a shared language of cyber risk.
Companies need a tool that provides a seamless and constant flow of data regarding global cyber threats and attacks, ongoing visibility into the security posture and controls of the business and its different entities, and risk models that are designed to differentiate between different types of impacts and financial losses.
This way all stakeholders can have a data-driven conversation around possible options to manage and reduce their cyber risk exposure, either by mitigating it through enhanced cybersecurity programs or by managing it more effectively via risk transfer protections.
FQ-ECR enables businesses to use real-time data to make more informed decisions about managing cyber risk (whether to accept, mitigate, or transfer the risk), prioritizing new technology investments, and measuring the ROI of those investments in specific controls or programs.