Incomplete data makes it difficult to precisely model cyber risk
The creator of a widely used model for quantifying cyber risk has warned banks not to expect precise results.
Jack Jones, co-founder of RiskLens and architect of the Factor Analysis of Information Risk (Fair) model, urged banks to “get over this notion of precision” and focus on generating accurate results when modelling cyber risk.
“When people think about quantifying risk who aren’t in the profession of quantifying risk, they think we are supposed to quantify it precisely, which is a pipedre