Just-in-Time Data for Fast, On-Demand Cyber Risk Assessments

December 3, 2021  Jeff B. Copeland

Case-Study-Data-Protection2-1-4You know the concept from the auto industry, grocery stores and many other industries: just-in-time (JIT), a system that delivers the right parts or products at exactly the time they’re needed for production or sale. Now, RiskLens is building a JIT system to deliver data and other components of cyber and technology risk analytics on demand, with high quality, and ready to be snapped into place.

Learn more in this RiskLens webinar: Assessing Cyber Risk? Start with Industry Data.

Register now to watch on demand.

The Problems with Data for Cyber Risk Analysis 

Good risk analysis requires good data that’s both reliable and relevant to the organization and specifically for FAIR™ quantitative analysis covers frequency and financial impact of cyber loss events. 

But we’ve consistently heard from CISOs and cyber security and risk managers these problems with sourcing and using data: 

  • Can’t find the right data for our risk scenarios – most often because we don’t have the time or staff to hunt down and interview the subject matter experts in the organization.  
  • Don’t know the credibility of the data – we found something on Google but can’t vouch for the source’s reputation.
  • Don’t know if we are applying data points correctly for statistically valid results
  • Interpretation – don’t know how our findings stack up against peers in our industry. Are these results good or bad vs the norms? 

The Solution: Industry Data (Carefully Curated)

In fact, there is plenty of good raw material for cyber risk analysis in the data available from public sources, including SEC filings, and collected by private firms such as Advisen or Verizon but it takes expertise to refine it for ready use in risk analytics. The RiskLens data science team has cracked that problem by applying extensive field knowledge (gained from bringing FAIR™ risk quantification to a wide client base) with advanced data analytics to mine actionable insights from a huge trove of data.

The building block of the RiskLens system is the risk (or loss event) scenario. Following FAIR, a risk scenario includes a threat actor impacting an asset by some means resulting in a loss. Example:

“Analyze the risk associated with a malicious privileged insider impacting the confidentiality of the PII contained in the Crown Jewel database via mis-use of their access.” 

In FAIR analysis, we quantify the factors (such as probable frequency of attack by an insider, probable costs resulting from a breach of confidentiality) to arrive at a range of probable loss exposure in dollar terms. All that requires gathering reliable, relevant data.

The RiskLens data science team automated the process to create a vast library of over nine million scenarios covering a huge range of data inputs and outcomes and sorted by industry. The scenarios are fine-tuned to account for differences across industries; for example, healthcare organizations are twice as likely to suffer a data breach due to a malicious insider compared to financial organizations. Scenarios can also be customized based on geographic location, company revenue size, data type, threat actors and more.

RiskLens Pro - Risk CategoriesRiskLens Analysis Output

The Result: Faster, More Accurate Risk Analysis 

More speed, better accuracy for risk analysis and benchmarking against industry norms for risk management – RiskLens is delivering these values through two product innovations:

  • For Enterprise customers with an ongoing risk quantification (CRQ) program, the RiskLens SaaS platform now comes pre-populated —for just-in-time use--with industry-specific data and scenarios that can be augmented with the enterprise’s internal data when available. Learn more about RiskLens for Enterprise
  • New for clients with limited staff or budget who want a more accessible and affordable form of quantified cyber risk management: RiskLens Pro, a managed service that offers
    >>Quarterly Cyber Risks Reports to identify the organization’s top risks
    >>Quarterly Cyber Risk Trending Reports to reveal risk reduction over time
    >>Quarterly Cost-Benefit Assessments to evaluate the ROI of the organization’s top cybersecurity investments.
    Learn more about RiskLens Pro.

Coming soon: Look for more product innovation from RiskLens to provide a fast and easy way to benchmark cyber risk against industry peers.

Watch the webinar: Assessing Cyber Risk? Start with Industry Data.