Skip to content


ORX Cyber


ORX Cyber Community

Risk programme

Risk Landscape

Guide - February 2023

Cyber risk is a crucial part of many financial organisations' operational risk scenario programmes. But how should firms manage these programmes and what are the common objectives?


Download a free summary of this resource, A Guide to Managing Cyber Risk Scenarios, from ORX Cyber for insights into:

  • How cyber scenario programmes are managed
  • What's included in the cyber scenarios
  • Key challenges for cyber scenario development
  • How to solve these challenges


About the guide

This guide was created in response to a high level of interest in this topic from the ORX Cyber Community. Twenty-seven financial organisations from around the globe took part in a study, completing a survey and taking part in group discussions on the topic.

Using this information, we created a resource to support our community in managing cyber risk scenarios. The full report, detailing all the findings, is available to all ORX Cyber subscribers. If you don't subscribe, then you can download a free short guide to find out more about managing cyber risk scenarios.

Key findings


SMEs key to cyber risk scenarios 

Financial institutions' focus on cyber risk scenario programmes reflects the prominence of information security and cyber risk across the industry. Our study showed that a vital component to a successful cyber scenario is subject matter experts (SMEs). SMEs add context, depth and breadth to data sets. In turn, driving the selection and development of storylines, estimating input values, and validating decisions taken at all stages of the cyber scenario programme.

Cyber quantification is not yet mature

The study also showed that cyber quantification techniques are not yet fully mature. Many of the participating organisations said they are looking to introduce quantification techniques soon. However, they have typically not yet defined how this will be achieved. Even if quantification techniques are introduced, the reliance on SMEs is likely to remain.

People, process and data are the biggest challenges

The survey results highlighted several challenges that are being faced by organisations when developing their cyber scenarios. These can be categorised into three main areas – people, process and data.

In the people category, SME availability and skills are key issues. The process challenges include a lack of quantification methods, while the availability and accessibility of internal and external data were identified as barriers in the data category.








Gated content start

This resource was produced as part of ORX Cyber

Want to access this resource?

If your firm subscribes to ORX Cyber,
log in or register to read this resource.

Log into the ORX website

Not a subscriber? Download the free summary version of this report

Download the short guide

Gated content stop


Helen L’Abbate

Helen L’Abbate

Deputy Director - Research & Information, ORX


ORX Cyber

Discover the service specifically designed to support cyber risk managers in the second line of defence.

ORX Cyber