We are excited to present a major new release of Financial Quantification (FQ), an add-on capability for Security Performance Management. This release includes several new capabilities as well as changes and enhancements to the FQ engine and algorithms.
The following new capabilities enhance how you interpret and use FQ results:
- Loss Frequency: Understand the likelihood of experiencing a loss in the next 12 months, both overall and by impact scenario.
- Annualized Risk: Understand cyber risk results through annualized loss exposure (ALE). ALE combines the frequency of loss events and the financial impact of potential single loss events into a single measure, allowing you to compare loss impact scenarios with different likelihoods.
- Peer Group Comparison: Put your risk into a larger context, seeing how your financial risk compares to your peer group.
These capabilities help identify the probability of a loss event occurring in a year to help guide risk management and prioritize your response. Consider, for example, that your results include a Denial of Service loss event in a Business Interruption scenario with a likeliest loss range of $5-$7 million, but only a 5% chance of occurring in the next year. Meanwhile, they also include a Data Theft & Privacy loss event with a likeliest loss range of $1-$2 million, but a 45% chance of occurring in the next year. You can then compare your likeliest loss range to your peer group’s to understand your risk relative to your peers.
Additionally, we have improved the FQ dashboard, run set up wizard, and the Financial Quantification model. The model improvements will result in differences in Financial Quantification results after the update. These changes simplify FQ setup and use and improve the model fit of results.
What is the Financial Quantification feature?
FQ is a form of Cyber Risk Quantification (CRQ) that offers companies insights into potential financial losses from cybersecurity incidents. For many organizations, cyber risk is complex, misunderstood, and discussed in technical terms. With our financial quantification model, you can:
- Establish a universal language. Reshape the conversation into business terms, facilitating a greater understanding of cyber risk (and its potential impact) across your organization.
- Use real-time data to make more informed decisions about managing your cyber risk (i.e., whether to accept, mitigate, or transfer the risk).
- Prioritize new technology investment.
- Calibrate your cyber insurance and measure your return on investments (ROI) in specific controls or programs. Evaluate how much risk to retain and how much should to transfer to the insurer.
- Streamline the process without investing in any additional headcount or resources.
With these insights, organizational leadership, financial intermediaries, and other interested parties can be better informed about potential losses from cyber events and develop clear action plans to reduce financial exposure should an event occur. Cyber events involve disruption of technological infrastructure or unauthorized access, disclosure, alteration, or destruction of digital information, leading to impactful consequences such as financial loss, legal implications, or operational disruptions.
Financial Quantification is available as an add-on module or in certain SPM packages for your My Company and My Subsidiary subscriptions. It includes the ability to run quantification on a certain number of subscribed entities. Enablement service packages are also available to help jumpstart a Cyber Risk Quantification program.