Global consulting firm Protiviti has launched a Cyber Risk Quantification as a Service offering in alliance with RiskLens, the leading provider of quantitative cyber risk management software. Through quantitative risk analysis using hard data, the offering enables CIOs and CISOs to answer their board of directors’ questions about the effectiveness of their cybersecurity program with confidence and to make better decisions about budgets and technology investments, and it assists in meeting regulatory requirements.
The impact of cyberattacks continues to increase, and a single major breach event can cost the victim millions of dollars and tarnish a company’s reputation and brand equity. Companies need enhanced ways to assess their cyber risk and adjust their risk management efforts to meet evolving threats.
“Protiviti’s Cyber Risk Quantification service, powered by the RiskLens Platform, delivers a continual, data-driven assessment of an organization’s current state of cyber risk,” said Andy Retrum, a Protiviti managing director. “Armed with this data, cybersecurity teams are able to better manage risks in business terms; determine if they are investing their cybersecurity budgets in the right areas and if they have sufficient cyber insurance; evaluate ROI; and provide meaningful insights to senior leadership and the board.”
The RiskLens enterprise platform is purpose-built on the Factor Analysis of Information Risk (FAIR) model, an international standard for cyber risk quantification. The FAIR model is backed by the non-profit FAIR Institute, which counts security and risk professionals from eight of the Fortune 10 and 75% of the Fortune 50 as members.
“With RiskLens, Protiviti provides cyber program risk intelligence that enables organizations around the world to effectively quantify their cyber risk in financial terms and focus remediation efforts where they will help organizations protect the bottom line of the business,” said Nick Sanna, CEO at RiskLens.
Protiviti helps companies measure, quantify and report on cyber risk by:
- Assessing cyber threats using open quantitative risk measurement methodologies, including FAIR
- Designing and implementing the programs and processes required to shift cybersecurity from a controls orientation to a business risk orientation
- Building cybersecurity data marts to collect, process and store relevant metrics for analysis and reporting
- Conducting training and organizational change management to help organizations embrace a culture of data-driven, informed decision-making