CRQ can’t remain a pilot forever. To drive meaningful, repeatable value, it needs to mature into a business capability: trusted, embedded, and regularly informing decisions.
Before a single scenario is modelled or a number estimated, one of the first challenges in adopting cyber risk quantification (CRQ) is simply persuading stakeholders it's worth doing.
In this article, I’ll share six working principles I’ve found essential for embedding CRQ in a way that sticks — not just as a project, but as a true business capability.
For all the energy that organisations invest in CRQ, a frustrating truth remains: many results don't actually lead to better decisions. Quantification is a powerful tool. But like any tool, its value lies in how it’s used.
The digital landscape continues to evolve at an unprecedented rate, bringing forth new challenges and amplifying the urgency for robust cybersecurity measures.
Worst case sets a practical limit on what should be spent to manage or mitigate risk, most likely is what you should expect to occur, while ALE tells you how to do long-term financial planning or how to think about (self-)insurance.
The KPMG annual Cybersecurity considerations report identifies eight key considerations that CISOs should prioritise in 2024 to help mitigate risk, drive business growth and build resilience.
Cyber Human Risk Management (HRM) is essential to cybersecurity culture, as the way people manage technology is the window through which threat actors can infiltrate organisations.
Organisations around the world need to factor the geopolitical risk to cyber security – and the cyber-driven elements of geopolitical risk – into their strategic decision making.
Public sector organisations are key to our economy, providing essential services to the population. Given the importance of the sector, they are prime targets for cyber-attacks, due to data-rich environments, critical infrastructure, political and ideological motivations and interconnected systems.