An alternative approach to quantifying cyber risk using comprehensive attack surface evaluation assessments and Value-at-Risk modeling.
Organizations have an imperative to protect the data that has been entrusted to them, as well as securing their digital borders against business-interrupting intrusions. The legal landscape regarding accountability for data breaches continues to develop, but it has become clear that regulators, lawmakers, and the public will hold the breached entity responsible for a cyber event and the loss of data. This trend means that a cyber event of any type has the potential to negatively affect an organization's revenue and reputation.
By consensus, the conventional wisdom is that effectively surviving and prospering in cyberspace depends on sound risk management. That, of course, in turn depends upon some credible method of estimating, and quantifying risk.
Experts agree that no one solution will resolve any organization's cyber risk but combining technology and insurance can make significant strides to improving the chances that an organization can more quickly respond to and recover from a cyber event.