Becoming Objective About the Financial Impact of Risk
April 29, 2020 / Unisys Corporation
Most risk assessment professionals rely on their own experience and a few general statistics when they assign financial costs to a company’s risk. Consequently, if a company were assessed by two different risk assessment professionals, one might say that a certain risk carries a $500K price tag while the other might claim that the same risk could cost the company $1M. Which is more accurate? It is impossible to determine, because there is no detailed data underlying either statement. Both are subjective opinions.
CISOs and CSOs get frustrated trying to build effective risk management strategies on such nebulous foundations. But a solid foundation can be laid: a foundation formed from a wealth of objective data. Unisys provides this foundation through Unisys TrustCheck™, a unique cyber risk management solution that offers an innovative, patented method for understanding financial exposure to cyber risk. The solution is powered by X-Analytics®, the state-of-the-art cyber risk financial analytics engine trusted by leaders in the global cyber insurance industry to underwrite billions of dollars of cyber risk.
TrustCheck™ takes an organization’s internal data, combines it with extensive research, and then applies tested and proven algorithms to assess potential financial loss in an objective, repeatable, and defensible manner. Then, TrustCheck™ recommends a list of controls that can reduce the predicted financial losses, and gives CSOs and CISOs the powerful ability to compare and contrast risk remediation options to assess their relative value.
For example, a CSO could model the financial effect of investing $100K in a cloud access security broker (CASB) solution vs. investing $100K in a microsegmentation solution. By doing so, she might discover that the CASB solution would reduce risk in a certain area from $500K to $200K, but that the microsegmentation solution would reduce risk from $750K to $150K. While both risk reduction initiatives are important, the ROI for the microsegmentation solution offers double the return! The CSO can use this data to make a decision on where to invest budgeted funds for the greatest possible impact.
TrustCheck™ also helps CISOs and CSOs in the boardroom. With the objective facts and insights generated by TrustCheck™ in hand, CSOs and CISOs are better equipped to provide executive boards with the financial data they need to make strategic and budgetary decisions. For instance, the CISO can state and show with confidence that the company currently harbors a risk that has a 40 percent probability of occurring and which carries a potential cost of $1.2M, an expected loss of $480K. He can then demonstrate that an investment of $100K in a security control may reduce the likelihood of that risk to 15 percent and the potential cost to $200K, an expected loss of $30K. The executive board can then understand at a glance that the investment removes $450K of expected loss for $100K spent, a 4.5X return on an expected-loss basis (the worst-case exposure falls tenfold, from $1.2M to $200K, but the return should be stated against expected loss, not against potential cost alone). In this manner, TrustCheck™ transforms the cyber risk conversation, enabling organizations to align their security initiatives with their business strategy.
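The two comparisons above (the $100K CASB-versus-microsegmentation choice and the boardroom example where both likelihood and impact change) follow the same arithmetic: expected loss is probability times impact, and a control's return is the expected-loss reduction it buys per dollar invested. The following is an added illustration of that arithmetic using the figures quoted in this post; it is not TrustCheck™ or X-Analytics® code, and the `expected_loss`, `ControlOption` and `rank_by_roi` names, along with treating the $500K/$200K and $750K/$150K figures as expected losses, are assumptions made for the example.

```python
"""Expected-loss and ROI comparison of security controls.

Added illustration using the numbers quoted in the post; not TrustCheck or
X-Analytics code. Function and class names are assumptions for the example.
"""
from dataclasses import dataclass
from typing import Iterable, List


def expected_loss(probability: float, impact: float) -> float:
    """Expected loss: likelihood of the loss event times the loss if it occurs."""
    if not 0.0 <= probability <= 1.0:
        raise ValueError("probability must be in [0, 1]")
    if impact < 0:
        raise ValueError("impact must be non-negative")
    return probability * impact


@dataclass(frozen=True)
class ControlOption:
    name: str
    cost: float          # investment in dollars
    loss_before: float   # expected loss without the control
    loss_after: float    # expected loss with the control

    def reduction(self) -> float:
        """Expected loss removed by the control (negative if it makes things worse)."""
        return self.loss_before - self.loss_after

    def roi(self) -> float:
        """Expected-loss reduction per dollar invested; 4.5 means a 4.5X return."""
        if self.cost <= 0:
            raise ValueError("cost must be positive")
        return self.reduction() / self.cost


def rank_by_roi(options: Iterable[ControlOption]) -> List[ControlOption]:
    """Order controls so the highest expected-loss reduction per dollar comes first."""
    return sorted(options, key=lambda o: o.roi(), reverse=True)


# The post's first comparison: same $100K spend, different areas. The risk
# figures are given directly, so they are used as expected losses (assumption).
CASB = ControlOption("CASB", 100_000, 500_000, 200_000)
MICROSEG = ControlOption("microsegmentation", 100_000, 750_000, 150_000)

# The boardroom example: likelihood and impact both change, so expected loss
# has to be computed before the two states can be compared.
BOARD_BEFORE = expected_loss(0.40, 1_200_000)   # 480,000
BOARD_AFTER = expected_loss(0.15, 200_000)      # 30,000
BOARD_CONTROL = ControlOption("board example", 100_000, BOARD_BEFORE, BOARD_AFTER)


def potential_cost_ratio(cost_before: float, cost_after: float) -> float:
    """Worst-case exposure ratio; shown only to contrast it with the ROI figure."""
    return cost_before / cost_after


if __name__ == "__main__":
    for opt in rank_by_roi([CASB, MICROSEG]):
        print(f"{opt.name:<18} removes ${opt.reduction():>9,.0f} of expected loss, "
              f"ROI {opt.roi():.1f}X")
    print(f"board example: expected loss ${BOARD_BEFORE:,.0f} -> ${BOARD_AFTER:,.0f}, "
          f"ROI {BOARD_CONTROL.roi():.1f}X; potential cost fell "
          f"{potential_cost_ratio(1_200_000, 200_000):.0f}X, which is not the return")
```

Running the block ranks microsegmentation ahead of the CASB (6.0X versus 3.0X, the doubling the post describes) and shows why the boardroom example is a 4.5X return on expected loss even though the potential cost drops tenfold: a figure quoted to a board as "return" should come from `roi()`, not from `potential_cost_ratio()`.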
CSOs and CISOs have struggled for too long to make decisions in the absence of objective financial risk data. Unisys TrustCheck™ paves the way for security professionals to make fact-based decisions about how they manage their cybersecurity programs with a modern and refreshing approach. In this way, CSOs and CISOs can avoid overspending or underinvesting in cybersecurity, and are able to engage and align more effectively with executive boards. With TrustCheck™, subjective opinion gives way to objective fact, benefiting business at every level.