When CISOs and CFOs discuss cyber risk, how often are they speaking the same language? To see the true risk to your company in terms of dollars and cents, PivotPoint’s decision support solution, CyVaR, translates cyber risk to financial risk, allowing you to achieve better ROI on your security investments, lower your cyber risk, and ultimately secure the value of your business.
CyVaR Features and Benefits
One of the biggest security questions facing companies is, “What is my exposure and what costs will I incur from an attack?” With that information, you can easily calculate your potential annual loss, which enables you to:
- Determine your financial exposure resulting from a cyber attack.
- Identify the highest payoff options to reduce your exposure.
- Discover security program priorities—both financial and technical.
- Identify the loss types with the greatest impact to your business and which applications present the highest risk.
- Speed time-to-value by quickly targeting risk problems and solutions specific to your business.
- Communicate cyber risk with executives on a common level.
- See up-to-the-minute changes in your risk as your business changes.
CyVaR in Action
The CyVaR technology 6-step process was developed to help organizations quantify their monetary Value-at-Risk resulting from cyber threats using a method that is based on mature computational techniques used in the financial industry.
Step 1. Profile & Value Enterprise – Facilitates the creation of an individual profile unique to your business, your networks, and your threats through ingestion of your company financials and cyber infrastructure.
Step 2. Assess Defensive Posture – Measures the defensive posture of applications and/or processes, which enables CyVaR to see where attacks are likely to penetrate and how. Frameworks such as NIST 800-53, ISO-27001 and the Critical Security Controls are used to measure defenses.
Step 3. Simulate Cyber Attacks – CyVaR identifies exposures and meaningful gaps through a combination of known attack sequences that represents, or is a simulation of, an actual attack against an organization’s assets.
Step 4. Compute Value-at-Risk – The CyVaR algorithm simulates technical loss on a network due to cyber attacks by running up to one million cyber attack simulations to calculate your potential losses.
Step 5. Simulate Risk Mitigation Options – Once CyVaR finishes calculating Value-at-Risk, it focuses on simulating mitigations to identify options with the greatest impact on reducing risk.
Step 6. Results Reported – Results are analyzed, correlated with financial data, and presented along with mitigation recommendations, giving the business the ability to better manage security investments, manage legal risk, and quantify how much cyber insurance may be needed.
By operationalizing both the asset valuation and the defensive posture (controls) analysis process, CyVaR also sets the stage for continued evaluation of the security investment process for an organization. As business requirements, technology infrastructure, control implementations, and the threat climate change, CyVaR can maintain the balance between investment and security risk management.
Empower Your Entire C-Suite
With CyVaR, every member of your executive team, including members of your Board, is enabled to discuss the reality of cyber risk on a level playing field, giving those who speak in financial terms and those who speak in security terms the ability to understand the true risk to their company’s bottom line. PivotPoint Risk Analytics’ technology translates the cyber risk assessed by the Chief Information Security Officer into the resulting financial risk the CFO and Board Members need to understand the ROI of security investments, and identify the best policies and coverage offered by their Insurance Providers to make up the difference. The knowledge gained from CyVaR gives them all the ability to make the right decisions to ultimately secure the value of their business.