Highlights & Insights of a Cyber Risk Quantification Journey
How a Tech Company Implemented CRQ for Better Decision Making
Your submission has been received!
Insights of a CRQ Journey FAQs
Speak to an Expert to Learn MoreHow did Dmitriy Sokolovskiy, ex-Avid CISO, begin his CRQ journey?
Dmitriy Sokolovskiy, former CISO at Avid Technology company, found himself in a position where he needed to justify budget requests and spending decisions, just like many other CISOs. While these circumstances first led him to adopt cybersecurity maturity model frameworks to facilitate this justification, he ultimately found he needed to supplement his explanations with a language the board was more familiar with, such as financial implications.
What were the issues working solely with the CIS and NIST frameworks?
Sokolovskiy discovered that the CIS control framework was too technical for the Avid board members. The NIST framework, while more approachable for non-technical executives, was still very subjective, making it difficult to embed cybersecurity initiatives and outcomes within the broader business strategy. The CISO fundamentally understood that board members operated in financial implications, and he, therefore, needed a solution that allowed him to communicate in that language.
Why did Sokolovskiy ultimately decide to quantify cyber risk with Kovrr?
After exploring several cyber risk quantification platforms and assessment approaches, the former Avid CISO discovered Kovrr. After learning that Kovrr's models incorporate real data from aggregated insurance claims and are continuously fed external global intelligence regarding cyber events, he understood that the results would ultimately be as objective as possible. Indeed, insurance industry claims come as close as one can get to the realistic numbers of the cost of a data breach.
Does adopting a CRQ tool always have to be a long journey?
No. Although many CISOs and cyber risk managers have stumbled upon CRQ because of challenging or ineffective communication with non-technical executives and stakeholders, others have had a more straightforward journey with the tool. Sokolovskiy's relationship with cyber risk quantification is merely one CISO's experience. To learn more about quickly implementing this solution into your cyber risk program, reach out to one of our risk experts today.