Cyber Risk Quantification Study 2024

Report - September 2024

This study from ORX Cyber explores the status of cyber risk quantification (CRQ) by providing a view of current practices, challenges and future direction of travel across the industry. 

The ORX Cyber community continues to highlight the challenges financial institutions face in quantifying cyber risk to accurately articulate their true cyber risk exposure. This topic was previously explored by the community in 2022, and the 2024 study looks at what has changed since 2022.

Most financial firms are still developing their individual cyber risk quantification approach and for many there is a desire to move from a qualitative to a quantitative approach.

Compared to 2022, organisations now recognise the benefits CRQ brings and often have multiple objectives to achieve with a significant increase in those looking to inform risk appetites and investment decisions.

Our latest survey has highlighted a series of challenges in delivering CRQ including:

Data availability and accuracy
Usability of outcomes
Stakeholder buy-in
Scarcity of skills

The report, detailing our findings from the study, is available to all subscribers to ORX Cyber. It's based on survey information collected from 22 banks and insurers and provides a view of current practices, challenges and future direction of travel across the industry. 

Contacts: