Gartner Names Risk Quantification a Critical Capability of Integrated Risk Management

January 23, 2019  Bryan Smith

Are you able to effectively evaluate your cyber security risk in business terms? Last week Gartner listed "Risk Quantification & Analytics" as part of five critical capabilities of IRM. If you're not quantifying you're not truly evaluating cyber risk, according to the leading technology analyst firm.

This past week, I attended the annual Gartner Security & Risk Management conference. I'm excited to see the risk management space rapidly mature, and this year didn't disappoint. For the last two years, Gartner has been outlining a new vision for risk management. This new vision moves beyond GRC's focus on compliance checklists and risk matrices. In its place, Integrated Risk Management (IRM) fosters a risk-aware culture. Instead of aligning to a checklist, risk is aligned to your business and processes. This improves decision making since risk is now communicated in context.

Risk quantification takes that context and allows risk owners to manage risk in both business and economic terms. This allows you to prioritize risk and to allocate your resource effectively. Something a checklist and risk matrix falls short of.

Gartner is the latest major player in the cybersecurity world to recognize the revolution in thinking about risk – this year, in the US, the Securities and Exchange Commission (SEC) told public companies to shape up their cyber risk disclosure processes and, on the public sector side, the Office of Management and Budget (OMB) announced it would roll out a "risk-based budgeting process" to federal agencies later in the year.

RiskLens Is IRM Ready

Of course, the benefits of risk quantification aren't news to customers of RiskLens, the only enterprise platform for cyber risk analytics, built on the FAIR model, the international standard quantitative model for cyber security and operational risk.

That's why our risk quantification software platform is already enabled to communicate with your IRM solution today. The RiskLens API can extend the capabilities of any IRM platform by adding quantified results to your risk statements, risk register, and more.

I encourage you to schedule a demo and see how RiskLens Cyber Risk Quantification can enable you to make better risk based decisions. Today, RiskLens customers are able to use the RiskLens API to integrate for a multitude of use cases. They can prioritize their risk register, create risk statements with quantified results, and find the return on investment for a risk mitigation initiative. And all of this is accessible in their IRM platform of choice.