Cyber risk quantification: Communicate cyber risk in business terms (Auditorium. Room N103 - N104)

November 20, 2019, 11:30 - 12:25

The relevance of Cyber Risk is constantly on the rise, and in recent years the topic has become a board-level discussion. As a result, Cyber Risk is now recognized as a fundamental component of Business Risk. Traditionally, Cyber Risk has been evaluated with a simple qualitative scoring approach using "high/medium/low" values, but business stakeholders speak in the language of "numbers and money". They want to know the loss exposure due to a potential cyber event or the ROI of purchasing security controls, and CISOs are struggling to articulate Cyber Risk in this language and provide meaningful answers to executives and board members.

This presentation looks at a quantitative risk assessment approach that uses financial terms easily understood by business leaders. By speaking the same language, organizations are able to bridge the gap between the domains of security and business functions. By filling this historical communication gap, organizations increase the effectiveness of the decision-making process related to security spending.

Cyber Risk quantification is becoming mainstream, and many regulatory bodies are looking at mandating its adoption or have already done so. Moreover, as Digital Transformation ramps up, auditors will increasingly encounter organizations adopting this approach. This session will arm you with the knowledge to exploit a business-driven approach and have the right conversation.