Cyber Risk Quantification

Cyber continues to be a real challenge for risk managers

Discussions with the ORX Cyber community have highlighted how challenging the risk is to quantify, and therefore how difficult it is to determine an organisation’s risk exposure. This makes it tougher for organisational leaders to understand the risk and harder still to make decisions on control investment and action prioritisation.

Banks and insurers describe many contributing issues, including:

• A shortage of data and skills
• Impacts often being non-financial in nature
• The complexity of the risk.

There are questions over whether traditional risk quantification techniques are appropriate and whether sufficient investment is being made to innovate.

As a result of the challenges presented by this significant risk, ORX Cyber subscribers asked us to focus on this topic. This report is the first step to help our subscribers understand and share current and leading practices and to help develop and enhance cyber risk quantification going forward.

The report is based on information collected from 30 banks and insurers through both a survey and roundtable discussions. It provides insights into current practice, outlines challenges and benefits, and summarises potential future direction for cyber risk quantification.

Disclaimer: ORX has prepared this resource with care and attention. ORX does not accept responsibility for any errors or omissions. ORX does not warrant the accuracy of the advice, statement or recommendations in this resource. ORX shall not be liable for any loss, expense, damage or claim arising from this resource. The content of this resource does not itself constitute a contractual agreement, and ORX accepts no obligation associated with this resource except as expressly agreed in writing. ©ORX 2024

Contacts: