PivotPoint Risk Analytics: Making Cyber Risk Quantifiable

Businesses across every sector around the world know that cyber risks are real. Yet, in spite of increasing investments in cyber defenses, major breaches make headlines with great regularity and cost companies millions of dollars annually. Faced with more need than budget, CIOs and CISOs are challenged to select and prioritize the projects that will provide the greatest value to their organizations. According to Julian Waits, a cyber security expert and CEO of PivotPoint Risk Analytics, “There are three key questions that every CIO is challenged with—how much money could my business lose to cyber-attacks over the next year; how well have the past cyber investments we’ve made protected our most valuable assets; and how could investing in more security reduce our risk.” And as more businesses explore options for cyber insurance, “Companies are increasingly bewildered when trying to understand how much and what types of insurance they need to effectively transfer financial risk,” continued Waits. PivotPoint Risk Analytics is enabling CIOs, CISOs, and their businesses to answer these questions and make smarter business decisions through a new category of solutions called Cyber Risk Analytics.

PivotPoint Risk Analytics’ flagship product CyVaRTM enables enterprises to quantify cyber risk in dollars and cents. Borrowing the concept of “value-at-risk” from the financial industry, CyVaR determines an organization’s Cyber Value-at-Risk, which is its potential financial loss from cyber-attacks over a given period of time within a given confidence interval. CyVaR achieves this by identifying the most valuable information assets and business activities that could be impacted by a cyber-attack, and then estimating the financial consequences of the potential loss of each. CyVaR then uses sophisticated attack modeling and Monte Carlo simulation to estimate the probabilities of those losses occurring andshows how those potential losses are distributed across business applications by financial loss type.

CyVaR also identifies the mitigations that can have the greatest impact on reducing risk. Above all, by using CyVaR, “We provide suggestions to risk managers and CISOs about the most effective way to reduce risk,” says Waits.