Request Demo

Risk Quantification & Metrics

Map Your Cyber Risks To Business Outcomes With KRI's

down-arrow

It is the greatest challenge for a technically minded leader like a CISO to be able to map the cyber risks that they know face the enterprise to the business outcomes such that business-side leaders can understand them. Dating back to the origin of the position, CISO’s have been charged with bridging the gap between cyber risk and business outcomes and key risk indicators are their secret weapon.

Key Risk Indicators

Key risk indicators (KRI’s) are the tactical application of a risk appetite statement. For risk managers, CISO’s among them managing cyber risks, risk indicators are the listing of the benefit and the risks associated with that strategy. Examples include -

These KRI’s are the marriage of the desired outcome that comes from the C-suite and the technical knowledge that comes from the leaders that have been embedded in this practice for years and bridges the gap for both parties.

KRI's

Practically Applying Your Risk Appetite Statement

In order to effectively operationalize your risk quantification practices, the enterprise leadership must be able to understand and map those cyber risk metrics to the outcomes that they’re looking to achieve (otherwise why accept the risk). For technical leaders, like a CISO, having the processes in place to facilitate the delivery of that risk data in such a way that its understandable to business leaders is critical - C-suite members and the board need this information in the digital age and it is often the breakdown of communication that stops them from getting it.

Taking the high-level strategy of an organization’s risk appetite statement and breaking it down into KRI’s empowers risk managers to understand and feed the critical metrics back up to senior management.

KRI’s Give The CEO Room To Understand Cyber

With data breaches capturing headlines weekly, CEO’s are growing more and more concerned with the states of their cyber posture. However, this is a whole new classification of risk for CEO’s and BoD’s that leaves them searching for answers in ways that will fit into their current methodologies of managing risk. With cyber-focused KRI’s that are constructed by the CISO in tandem with the strategy put out by the CEO, this helps the CEO understand the risks associated with the strategy - and either accept or reject that level of risk.

Using KRI’s as a means to empower both business and technical leaders with an understanding of the other party allows both to work more closely and further integrate cyber risk into the executive leadership conversation.

You may also like

Map Your Cyber Risks To Business ...
on April 16, 2019

It is the greatest challenge for a technically minded leader like a CISO to be able to map the cyber risks that they know face the enterprise to the business outcomes such that ...

Contextualize Quantified Cyber ...
on April 11, 2019

Now more than ever, CISO’s are being tasked with delivering hard metrics around an enterprise’s technology and digital risk. While this is nothing new for seasoned IT ...

NYDFS Implementation Grace Period ...
on April 9, 2019

Following the Equifax breach and growing concerns about the posture of the financial industry, New York State Department of Financial Services (NYDFS) released the initial ...

CEO's - Do You Know Where That ...
on April 5, 2019

It is no secret that cybersecurity has mystified many members of the C-suite since the function was introduced. With headlines dominated by breaches and hearings of information ...

Jerry Layden
Carbon Black Report Indicates ...
on April 2, 2019

In their third Global Incident Response Threat Report our Massachusetts neighbor, Carbon Black, illustrates not only the top industries for cyber attack but a deeply concerning ...

Legacy GRC And The Sunk Cost ...
on March 28, 2019

Last month, we covered how legacy GRC products and new integrated risk management (IRM) solutions can co-exist and in fact compliment each other. That said, in order for them to ...

Alison Furneaux