sb-nz logo
Story image

RSA launches 'risk quantification' tools so CISOs can convince boards that security is important

27 Mar 2018

RSA has partnered with risk quantification firm RiskLens to bundle risk assessment tools with its RSA Archer platform.

The RSA Archer Cyber Risk Quantification will provide cyber risk calculation, simulation, and analytics tools to help CISOs communicate risk to their boards and business leaders.

“Most often, cybersecurity is treated as a technical concern, and important business questions such as ‘are we doing enough?’ and ‘are we spending too much or too little?’ get unsatisfactory responses, if any,” comments RSA’s Steve Schlarman.

“For IT and security teams to adequately communicate cyber risk to the business, the business must understand the risk in the context of the business. Translating technical risks into monetary terms is a key step towards addressing these emerging challenges for CISOs.”

RSA cites Gartner figures that show cybercrime damages are expected to cost $6 trillion by 2021. These costs stem from data loss, IP theft and fraud. Meanwhile, the global information security forecast may reach $121.6 billion by 2021.

Businesses must be able to use tools that help make decisions quickly and with the right information, or face their own financial losses.

According to RSA, CISOs face significant challenges when prioritising and rationalising investments that may improve their organisation’s security posture. Risk transfer is also causing headaches for CISOs.

While some reports show that boardrooms are slow to catch up to the risks cyber threats pose, RSA Archer vice president David Walter believes otherwise.

“Under the threat of high-profile cyber attacks and data breaches, executives and corporate Boards are starting to ask more informed questions about their organisations’ risk exposure,” Walter says.

RSA believes that the quantification of cyber risk will allow CISOs to communicate the financial impact to board and senior management.

“Common risk management practices are often a barrier to achieving strategic business outcomes. By proactively assessing risk appetite and the value of the desired business outcome, CIOs and CISOs can transform digital risk management into a competitive advantage,” according to Gartner.

The RSA Archer Cyber Risk Quantification includes features such as:

  • Built-in risk calibration and analysis engine for cyber risk calculation
  • Templatised workflow for easy scenario modelling
  • On-demand risk analytics for answers to questions on the fly
  • Mathematical simulations to build your risk profile with limited data
  • Existing loss tables based on industry data
  • Easy-to-use SaaS application
  • User-friendly interface

“Whether calculating potential losses for cyber insurance efforts or prioritising investments based their relative reduction of the financial impacts of a security breach, quantifying cyber risk adds an exciting, and much needed, dimension to the CISOs vocabulary,” Schlarman concludes.

Story image
97% of organisations experienced a mobile threat in 2020 — report
93% of these attacks originated in a device network, which includes attempts to trick users into installing a malicious payload via infected websites or URLs, or to steal users’ credentials.More
Story image
Over a third of New Zealanders fell victim to cybercrime in the last year
"As we connected to the internet for everything from work and school to entertainment, social connection and even groceries, cybercriminals took advantage and launched coordinated attacks and convincing scams."More
Story image
Video: 10 Minute IT Jams - Radware VP on the challenges of cloud security
In this interview, Techday speaks to Radware vice president of technologies Yaniv Hoffman, who discusses the primary challenges facing IT organisations in terms of their cloud security apparatus.More
Link image
Webinar: Securing privileged access to stop attackers in their tracks
Thycotic's immersive webinar will demonstrate how attackers acquire passwords on endpoints and access critical cloud applications — without being detected.More
Story image
NVIDIA takes AI into the heart of cybersecurity with Morpheus
The Morpheus application framework will provide security partners with AI-enhanced tools that can detect and prevent security threats.More
Story image
Kroll completes Redscan acquisition, expands cyber risk portfolio
With the addition of Redscan and its extended detection and response (XDR) enabled security operations centre (SOC) platform, Kroll expands its Kroll Responder capabilities to support a wider array of cloud and on-premise telemetry sources.More