Best risk analytics tool: RiskLens
Operational Risk Awards 2017: Focus on cyber helps RiskLens scoop award
The clue is in the name. For US technology provider RiskLens, seismic technological change has brought with it great risks as well as rewards, and those risks need to be closely monitored and managed at all times.
“Business processes have digitalised at an accelerated pace over the past decade,” says chief executive Nick Sanna, delivering “phenomenal business efficiencies and growth. It also brought a new range of technology risks that can materially affect business outcomes and that need to be understood and managed.”
RiskLens specialises in the quantification of cyber risk, and its software is based on the Factor Analysis of Information Risk (Fair) model, an international standard for information security and operational risk. Its offering comprises risk scoping, a risk calibration and analysis engine, sensitivity analysis, what-if capabilities, value-at-risk reporting and other capabilities, but cyber risk is the jewel in its crown.
The company has deep roots in cyber, having been launched in 2011 after co-founder Jack Jones was asked by Nationwide Insurance, a previous employer, to quantify the cyber risk faced by the company. The answers surprised him, and the idea for RiskLens was born. It was then called CXOWARE but relaunched in its present form in 2015, underlining its focus on risk measurement.
“Technology risk, whether driven by cyber attacks or other operational breakdowns, now ranks among the top three to four risks that organisations and boards must manage,” says Sanna. “In the past 18 months, the topic made it to the agenda of board meetings of virtually every large organisation worldwide.”
Judges agreed. “Many firms consider cyber risk to be one of their main risks and given [recent] events, it is difficult to argue against this assessment,” said one, writing shortly after a huge cyber attack in May 2017 undermined key infrastructure in multiple countries, including the UK National Health Service.
A case study submitted in the RiskLens entry highlighted its work helping a $5 billion asset manager wanting to overhaul its Business Impact Analysis (BIA) system. The RiskLens system provided a more comprehensive risk breakdown than the previous “high, medium or low” rating system and the client was able to assess its three processing centres, to take one example, in far more detailed quantitative terms.
“Too often, cyber and operational risks are expressed in high-level, qualitative terms such as high/medium/low or using ordinal scales (one to ten),” says Sanna. “[These] do not allow effective prioritisation and certainly cannot help to determine how much an organisation should spend on risk mitigation.”
Sanna believes RiskLens can help firms to handle these conflicts in a clearer way. “It is imperative for cyber and operational risks to be expressed in terms of financial impact to an organisation, like any other form of enterprise risk,” he says. “Only when risk is quantified in monetary terms and risk mitigation initiatives are evaluated in terms of possible monetary risk reduction, can organisations make cost-effective decisions.”
By using the quantitative Fair model, RiskLens has helped to drive common risk reporting. Fair was set up after the financial crisis by the Open Group, a global standards consortium with several hundred member firms, and it seeks to provide a model for understanding, analysing and quantifying different risk types in financial terms.
RiskLens decided to develop its offering around the Fair model for three reasons. “We did not find a better risk analysis model out there, that would decompose risk in its discrete factors to the point where they could be quantified,” says Sanna. “Second, Fair is a flexible and domain-agnostic risk model that proved to be very adaptable for analysing any type of risk. Third, Fair is an established international standard.”
One judge praised RiskLens for its ability to cover several non-financial risks in an integrated way, adding that the company’s strength in aggregating and managing data sets it apart. Another applauds the way the product can be integrated with governance, risk and compliance (GRC) platforms and its appealing modular format.
Integration with GRC platforms became a priority for RiskLens in response to client demand. “Customers that had invested in GRC products kept mentioning that they were struggling to analyse risk in a way that could be consistently measured, communicated and managed,” says Sanna. “As new risk analytics solutions such as RiskLens emerged, customers demanded that those capabilities be seamlessly integrated in the GRC processes already in place. Some customers are telling us that we help them substantiate the ‘R’ in GRC.”
As client demand for more robust defences against cyber risk continues to evolve, RiskLens does not plan to rest on its laurels. “Our long-term development strategy contemplates a progressive integration into our risk analytics platform of the many data sources that organisations are already collecting, to further automate data collection and further efficiencies,” says Sanna.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Awards
Joining the dots: banks leverage tech advancements for the future of regulatory reporting
The continued evolution of regulatory frameworks is creating mounting challenges for capital markets firms in achieving comprehensive and cost-effectiveawa compliance reporting. Regnology discusses how firms are starting to use a synthesis of emerging…
Markets Technology Awards 2024 winners' review
Vendors spy opportunity in demystifying and democratising – opening up markets and methods to new users
Derivatives house of the year: JP Morgan
Risk Awards 2024: Response to regional banking crisis went far beyond First Republic
Risk Awards 2024: The winners
JP Morgan wins derivatives house, lifetime award for El Karoui, Barclays wins rates
Best product for capital markets: Murex
Asia Risk Awards 2023
Technology vendor of the year: Murex
Asia Risk Awards 2023
Best structured products support system: Murex
Asia Risk Awards 2023
Energy Risk Asia Awards 2023: the winners
Winning firms demonstrate resiliency and robust risk management amid testing times