You quantify cybersecurity risk by examining and weighing the potential financial loss your company would experience if a breach were to occur. You should also consider the future loss of customers and profit due to the hit the company’s reputation and public image will inevitably sustain.
You can use NIST 800-30, the FAIR risk model, or a custom risk model to quantify cyber risk data in financial terms. By financializing cyber risk, CISOs and information security professionals can communicate where cyber risk investment is needed and track improvements made in the cyber risk program over time.
See Also:
Return to Cyber Risk Quantification Glossary
