Business leaders are investing in digital transformation to increase competitiveness, drive operational efficiencies, and grow market share. There has never been a better time to capitalize on the advantages of digitalization, but with increased reward comes increased risk.
As we embark on a new year and new decade, it is important that we reflect on the lessons of 2019 to drive our future strategies. Acuity has put together some trends and tips for managing cyber risks to help you prepare for the coming year.

Trend 1: Increased Board interest in cyber security risk
Boards are paying more attention to cybersecurity, with more CISOs joining management conversations and cybersecurity spend rising year on year. While this reflects increasing awareness of cyber security risks, there are still challenges in translating technical matters into Board-level discussions.
A PwC survey of 3000 respondents (The journey to Digital Trust, 2018) found that 80% of companies have provided the board with strategies for cybersecurity; however, only 27% of them feel comfortable that the board is receiving adequate reporting on metrics for cyber and privacy risk. Evidently, there is still a lack of understanding around how to measure cyber risk and determine the best course of action.
By putting financial measurements on risk, an objective calculation can be used to provide reporting that is widely understood and comparable with management’s tolerance for risk. These insights will be used to shape strategies by enabling security and risk professionals to speak the language of business leaders, aid decision-making and optimize security investments. Cost/benefit analysis will help organizations determine how to gain the best ROI.
Tip: Consider quantitative risk assessment methods, such as FAIR
Last year, we highlighted how the introduction of quantitative methods for cyber security assessments can allow organizations to understand their financial exposure from cyber risks.
The Open FAIR™ method is an international standard quantitative model for cybersecurity and operational risk licensed by the Open Group. Open FAIR is already being used by 30% of Fortune 1,000 organizations and we expect that more firms will adopt this method as quantitative approaches become more prevalent.
Acuity is one of the very few vendors licensed for Open FAIR and has integrated this risk assessment method into its STREAM Integrated Risk Manager platform. With STREAM, organizations can use Open FAIR for quantitative assessment of risks and then use STREAM’s powerful aggregation, reporting and dashboarding to view financial exposure from cyber and operational risks across the enterprise. STREAM can then use the quantitative data to perform risk-based prioritization of security improvement and model the ROI from potential security investments.