Cyber risk quantification provides a means to measure, and subsequently communicate and manage, the risk to an organisation from cyber attack or breach. It is a means to identify optimal investment opportunities and communicate cybersecurity investment returns in ways that are familiar to boards. Our RISCS Cyber Risk Quantification Project provides a comprehensive analysis of the current state of cyber risk quantification. It addresses the methodologies, use cases, and challenges associated with cyber risk quantification, including its application to specific challenge areas and the feasibility of a standardised model for costing cybersecurity incidents. The reports offer insights and strategic recommendations for organisations to effectively measure, manage, and communicate cyber risks.
With grateful thanks to the outstanding work of the project team: Alpesh Bhudia, Anna Cartwright (PI), Edward Cartwright, Frank Cremer, Tom Meurs, Phillip Samson, Jacob Seifert, Darren Shannon, and Barry Sheehan.
- A Review of the General Risk Cyber Quantification Landscape
- A Review of Cyber Risk Quantification in the Context of Specific Challenge Areas
- Identification and Feasibility Assessment of Options for a Standard Model for Costing Cyber Security Incidents
- RISCS Cyber Risk Quantification Research Project Executive Summary
- RISCS Cyber Risk Quantification Research Project Summary Report