The benefits and limits of cyber value-at-risk
The World Economic Forum’s Partnering for Cyber Resilience initiative developed a preliminary framework for a statistical model which CIOs and other executives can use to begin quantifying the financial impact of cyber threats.
Many CIOs across industries struggle to answer questions about cyber risk posed by their executive teams and boards of directors: How likely are we to experience a damaging attack? How effective are our existing risk mitigation measures? If we spend US$20 million more on cyber risk mitigation, how much would that reduce our risk?
In the interest of helping organizations answer these and other questions, members of the World Economic Forum’s Partnering for Cyber Resilience initiative recently proposed a working model for measuring and quantifying the impact of and exposure to cyber threats. Known as cyber value-at-risk, the model provides a starting point for quantifying risk and attempts to inject more discipline into that process, although it requires further refinement and field-testing.
With a goal of allowing corporate leaders to quantify more of the cyber risks their organizations face at a more granular level, cyber value-at-risk ultimately seeks to help them make more informed, confident decisions about their organization’s risk tolerances and thresholds, cyber security investments, and other risk mitigation and transfer strategies.
Despite the current challenges in applying the model, companies that have been exposed to cyber value-at-risk express enthusiasm for it. One organization working with the World Economic Forum’s cyber resilience initiative obtained a more structured view of its risk profile by using the model, and now the organization is making more fact-based security investments and policy decisions as a result.
Inside Magazine - Global edition 2016
Inside is Deloitte’s quarterly magazine offering an exclusive insight into best practices, trends and opportunities faced by our clients across all industries.
Inside focuses on the main hot topics relevant for the market (Asset management, Banking, Insurance, Public sector, Healthcare, Private equity, Real estate, TMT, Manufacturing and consumer business, Transport and logistics).