Below are some answers to the most Frequently Asked Questions.

CyVaR calculates your projected annual loss due to cyber attacks using value at risk (VaR) modeling.
A statistical technique used to measure and quantify the level of financial risk within a firm or investment portfolio over a specific time frame. Value at Risk is measured in three variables: the amount of potential loss, the probability of that amount of loss, and the time frame.
CyVaR quantifies your cyber risk in financial terms for your enterprise. This information enables you to better manage your risk. There are a number of ways to manage this risk including creating a mitigation plan and strategy as well as purchasing cyber insurance.

CyVaR enables users to understand their risk at a given point in time. This information can be used to

  • Help with annual, quarterly or monthly purchasing decisions
  • Understand your exposure before purchasing cyber insurance
  • Provide insights into cyber risk to executives, investors, or other stakeholders
CyVaR is continually updated with information regarding the latest cyber attacks. This information enables a business to focus its efforts on combating the cyber attacks with the most damaging financial impact. For example, if two new cyber attacks come out at the same time, how do you know which one to deal with first? CyVaR gives you insight into which attack could pose the biggest financial risk to your enterprise, enabling you to prioritize your response and remediation efforts.
Access to the CyVaR™ application is physically protected by a host-based firewall, such that the only customer facing ports exposed are those that allow secure web protocols. User access to the persisted application data is only accessible from within the cloud instance. Application data and user data are stored within a relational database accessible by an administrator and the CyVaR™ application. User credentials, which currently can only be created by the Pivotpoint RA administrator with access to the cloud management infrastructure, are also stored within the database with passwords hashed and salted using FIPS 140-2 compliant methods.
Register to use CyVaR™ by contacting CyVaR™ Sales at info[at]cyberpointllc[dot]com.
  • Verify your login ID
  • Reset your password
  • Contact CyVaR™ Support (refer to "How do I contact CyVaR™ Support")
Currently, you will lose your project data if you exit the wizard prior to calculating your CyVaR™.
Currently, CyVaR™ is compatible with the following browsers:
  • IE 10 and 11
  • Chrome
  • Safari
  • FireFox
Conceptual network topology: cocktail napkin specification in terms of functional subnets such as HR, Finance, Engineering, etc.
Physical network topology: the actual physical network as seen from Nessus
Refined network: a refinement of the conceptual topology to capture the necessary details of the physical topology, sufficient to allow each node to have a set of data types, values, and mitigation vectors that make sense for it, for the purposes of CyVaR
Cyber attack models: models that represent the mechanisms of a cyber attack for penetrating, permeating, and persisting on a network.
Attack climate models: models of incidence rates for types of cyber attacks on organizations in various industries, regions, and size ranges.

Industry Talk

"The average total cost of a data breach increased 23% over the past two years to $3.79 million."

– 2015 Global Cost of a Data Breach, Ponemon Institute


If you like CyVaR and think others would too, we'd appreciate it if you would spread the word!