Best cyber risk/security product: RiskLens
The US software company's product enables reporting and decision-making on cyber security
OpRisk Awards 2016
How can you put a figure on cyber risk? Too many businesses struggle to translate what, on the face of it, is an IT problem into a measure of financial risk that can be understood by non-technical executives.
Some 15 years ago, the co-founder of RiskLens, Jack Jones, was asked by his then-employer, US-based Nationwide Insurance, to quantify the cyber risk the company faced, and how much this risk would be reduced as a result of the multi-million dollar investment in cyber security technology that he was advocating.
He realised that his answers – "lots" and "some" – were woefully inadequate. "He thought, these are reasonable questions; we should be able to quantify cyber risk exposure," says Nick Sanna, chief executive of RiskLens, the US software company that grew out of that awkward board meeting.
The first step was to develop a model that could be applied consistently to cyber risk. "It seems obvious that people should be using the same measuring stick... but previously, people weren't speaking the same language," Sanna says.
The solution was found in factor analysis of information risk (Fair), an international standard value-at-risk model for cyber security and operational risk, which allows for the understanding, analysis and quantification of information risk in financial terms.
The second step was to encourage business heads to put dollar numbers on the estimated impacts of cyber security breaches – for example, the cost of business interruption, reputational damage, or the legal costs associated with theft of customer information.
"The number one objection was ‘I don't have enough data to give you’," says Sanna. The simple answer was to ask for ranges, which are then used to provide single or aggregate loss exposure reports.
To arrive at an enterprise-wide loss exposure, the RiskLens platform combines information on a company's current state of cyber security with these figures for the estimated impact of a cyber security breach. "What the system allows is for business people to get involved in the cyber security process," says Sanna.
Software as a service
While Jones initially built a consulting business applying the Fair VAR model, RiskLens subsequently developed a software-as-a-service offering, launched at the end of 2014. Clients use the system for regular reporting and decision-making regarding cyber security spend. It can also be used to calculate the amount of cyber insurance cover it might be necessary to purchase – and even by insurers, in calculating how to price that cover.
One insurance client says the product "has been key for moving from subjective assessments of risk to a data-driven approach to the underwriting of cyber insurance".
RiskLens is now looking beyond cyber risk. "We've been getting a lot of enquiries to expand our solution into operational risk," says Sanna, such as risks around physical security, weather impacts – and even opening a new subsidiary. "There's no standard model to quantify operational risk – the Fair model is agnostic and is very well applicable to operational risk exposures."