Why You Must & Where to Start

Quantifying cybersecurity risks can be a critical step in understanding those risks and getting executive support to address them.


Risk. According to Merriam-Webster, the word has several meanings. First is “possibility of loss or injury: PERIL.” A little down the list comes, “the chance of loss or the perils to the subject matter of an insurance contract, also: the degree of probability of such loss.” Now, from a business perspective, we’re getting somewhere.

The cybersecurity world is accustomed to talking about risk in colorful terms. “Code red,” “condition yellow,” and the like have long been used to discuss the immediate risk environment. But as cybersecurity has become an issue for business executives as much as technology managers, the language has changed and risk has shifted to a quantitative conversation.

A sign of maturity

Brian Riley, senior director of global cyber risk management at Liberty Mutual, says, “Putting numbers or metrics around risk allows you to have a different level of conversation about what that means.” He explains that the differences not only allow the conversations to take place with different business groups,…

