RESTON, Va. and SPOKANE, Wash., Dec. 16, 2022 (GLOBE NEWSWIRE) -- RiskLens has been named a “notable vendor” among CRQ solutions and services by leading global market research company Forrester in the report, “The Cyber Risk Quantification Landscape, Q4 2022.” Forrester’s report provides recommendations for buyers of CRQ solutions, and calls Factor Analysis of Information Risk (FAIR™) the “most popular” methodology for quantitative cyber risk analysis. RiskLens created FAIR™.
“In this research, Forrester recognizes a remarkable moment in the evolution of cybersecurity – the coming together of models, software and data to enable cyber risk quantification. CRQ is not an overlay on current practices in cyber risk measurement and management,” said Nick Sanna, CEO, RiskLens. “CRQ is a sea change, allowing organizations to understand cybersecurity from the business perspective and enable cost-effective decision making. To us, RiskLens pioneered cyber risk quantification and now is the leader in a robust marketplace with much more growth ahead.”
A complimentary copy of report can be found here: https://www.risklens.com/2022-cyber-risk-quantification-landscape
RiskLens finds the following quotes from Forrester’s report salient:
On a Programmatic Approach:
“Firms in this market also report customers making the transition from experimentation to a more programmatic approach to CRQ, particularly in high maturity industries such as financial services and critical infrastructure.”
RiskLens has long believed that a programmatic approach is the natural evolution of, and ultimate destination for CRQ. We have staked our business on the belief that anything less than a purpose-built program is simply an extended experiment, a step on the path to programmatic CRQ that can help organizations achieve real strategic effect, and drive increasingly necessary decisions and communications about cyber risk.
On Methodologies for CRQ:
“The Factor Analysis of Information Risk (FAIR) model is the most popular and recognizable methodology, but it’s not the only approach for CRQ….Consider additional methodologies that fit your firm’s level of expertise and internal data but be sure they produce reliable measures for the decisions at hand.”
As the creators of FAIR, and as one of the only vendors that has purpose-built its technology, services, education and data offerings around the model, we cannot deny that there are other approaches aimed at delivering the promise of CRQ. However, we at RiskLens do not believe that any other model provides the level of reliability that Forrester cautions about in this quote. FAIR remains the only open standard for CRQ, and this certification by the Open Group means that the model has been tested and validated thoroughly. Further, its status as an open standard means that it is more transparent and therefore produces results that are more defensible than any other proprietary alternative.
On Prioritizing Vendors:
“Prioritize vendors that offer a combination of technology, services, and data. To realize the value of CRQ requires more than a model. Organizations implementing CRQ will need the right level of expertise to interpret the results and the means to make the process sustainable to repeat and benchmark annual and year-over-year results. To ensure CRQ results are actionable — not academic — prioritize vendors that offer a combination of data for historic context, services to operationalize, and technology to scale CRQ efforts.”
As one of the only vendors in the CRQ market that delivers all of these recommended offerings, we at RiskLens wholeheartedly agree with Forrester’s recommendation here. A decade of experience has taught us that the best and most viable CRQ programs are built through multiple levels of capability: education to establish expertise, data to drive analysis, technology to achieve scale and consistency, and ultimately services to further build operational capability by leveraging practical application and lessons learned.
On the State of the CRQ Market:
“The pace of innovation and focus of CRQ vendors is changing rapidly…Forrester expects further adoption of CRQ by a broader group of organizations over the coming 12 to 18 months.”
“The benefit of a firm’s cybersecurity investment isn’t limited to deterring specific cyberthreats or maturing security controls. It also delivers value by protecting the firm’s bottom line and enabling business outcomes.”
On CRQ Use Cases:
“CISOs looking to acquire CRQ tools will need to focus on specific use cases and research the technology functionality necessary to support them,” Forrester recommends, citing five common use cases.
1. Articulate ROI of current cybersecurity investment
2. Prioritize risk treatment and remediation strategies
3. Quantify cybersecurity risk to boards of directors
4. Rationalize and calibrate risk transfer strategies
5. Justify current budget and future investment
About RiskLens
RiskLens helps organizations make better cybersecurity and technology investment decisions with software solutions that quantify cyber risk in financial terms. We are the creators of Factor Analysis of Information Risk (FAIR™), the international standard for cyber risk quantification, and the Technical Advisor to the FAIR Institute. The RiskLens platform is the only enterprise-scale software-as-a-service (SaaS) application for FAIR analysis. The RiskLens FAIR Enterprise Model (RFEM) creates flexibility to adopt FAIR and build programs, supporting companies at various maturity levels and with different business needs. With capabilities across the risk management process, and a large client base of Fortune 500 businesses, RiskLens is the only company with the expertise to help organizations navigate their most complex and challenging cybersecurity decisions. Visit us at www.risklens.com.
Media Contact:
Cathy Morley Foster
Eskenzi PR
cathy@eskenzipr.com
(925) 708-7893 (cell)
