- IBM (NYSE: IBM) Security announced a new risk-based service designed to help organizations apply the same analytics used for traditional business decisions to cybersecurity spending priorities
IBM (NYSE: IBM) Security announced a new risk-based service designed to help organizations apply the same analytics used for traditional business decisions to cybersecurity spending priorities. And IBM’s new Risk Quantification Services creates risk assessments to help clients identify, prioritize, and quantify security risk as they consider decisions like deploying new technologies, making investments in their business and changing processes.
Chief Information Security Officers (CISOs) are often not the ones who are responsible for their organization’s cybersecurity spending and policy decisions, so it is essential that they are equipped with quantitative data to translate cybersecurity challenges into business imperatives for CXOs. And the new IBM service provides CISOs with financial data to help them communicate to the C-suite and Board the potential business impact of security vulnerabilities and liabilities on their business in order to make more informed business decisions regarding cybersecurity.
IBM’s Risk Quantification Services is able to quantify risk by calculating the probability of a security event occurring and the probable loss projection based on expected data loss, operational disruptions, and business context. And organizations are able to benefit from IBM’s risk mitigation recommendations that are based on an analysis of value and impact by comparing their costs and expected risk reduction.
An NACD survey reports that nearly 70% of corporate directors surveyed report that their boards need to strengthen their understanding of the risks and opportunities affecting company performance. And IBM Security’s Risk Quantification Services aligns security teams and business leaders with:
1.) Executive Buy-In – By tapping into a common language to articulate security risks to CXOs, security executives can align business leaders, C-Suite, and the Board on actions to help mitigate security threats to their organization.
2.) Informed Decision-Making – Security leaders can translate risk into dollar amounts to deliver a cost-benefit analysis that provides non-security leadership with the possible cost impact of risk while translating security investments or remediation strategies into a business case and ROI.
3.) Strategic View of Risk Management – By bringing quantified security analytics to the C-Suite, CXOs can understand security risks in terms of the probability of a security incident occurring, potential reputational damage, regulatory liability, and business disruption.
“Security leaders have often struggled to communicate the value of a security investment to business leaders,” said Julian Meyrick, Vice President of IBM Security. “Our Risk Quantification Services not only enables security leaders to articulate risks and potential exposure in terms of financial loss, it empowers them to measure the actual efficacy of existing security protocols, based on our analysis of their business environment, assets, security architecture, and the potential threats to their organization.”
IBM Security is going to be applying the FAIR methodology, an open international standard for cyber risk modeling, and is collaborating with RiskLens and its proven quantitative cyber risk management platform to assess in financial terms the potential impact of security risks. And IBM Security is establishing the necessary business context for its risk calculation models using the depth of its security portfolio and consulting services, including its expertise and insights gained from responding to security incidents around the globe and visibility from IBM X-Force Threat Intelligence as well as IBM’s understanding of client landscapes.