As cyber security has become a boardroom issue, there is an increasing need for cyber risk to be measured and reported in financial terms. Business leaders want to know more about the risks that they face but traditional red-amber-green heat maps and score cards don’t provide sufficient insight.
According to a PWC 2018 survey on Digital Trust [1], only 27% of 3,000 respondents were ‘very comfortable’ that the Board is getting adequate reporting on cyber and privacy risk management metrics.
It is therefore time to improve cyber risk management to aid decision-making and reporting. In recent months, there has been a lot of industry buzz around cyber risk quantification, a process previously dismissed as ‘very difficult, if not impossible’.
But what do we mean by cyber risk quantification, why should CISOs be embracing it and what has changed to make it a practical proposition?
[1] PWC – The journey to digital trust, Fall 2018