Safety in Numbers - Toward a New Methodology for Quantifying Cyber Risk

For financial institutions, safeguarding against cyber attack is now about more than just protection – increasingly it means managing cyber risk effectively across the organization. In modern, diffuse networks, such as those in most large banks, allocating risk across multiple network nodes (defined here as IT infrastructure, assets, and points of access) is vital to developing comprehensive strategies for managing cyber risk. Central to this is quantifying the risk. We believe that current scoring and statistically oriented models for cyber risk quantification are based on flawed assumptions, and fail to answer several key questions.

We propose a methodology for quantifying cyber risk that incorporates the physical network in the organization, and the behavior and characteristics of individuals and processes in that network – including the actions they take to mitigate cyber risks. In addition, as allocating and attributing risk are central to modifying the behavior of institutions and individuals, enabling organizations to easily attribute and allocate risk to specific nodes and edges of the network is central to our method. This paper provides a high-level summary of the approach, and highlights how it differs from, and improves on, existing models of cyber risk quantification.

  • LinkedIn  
  • Save this article
  • Print this page  

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact [email protected] or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact [email protected] to find out more.

To download this content and continue reading...

You need to sign in to use this feature. If you don’t have a Chartis account, please register for an account.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: