 Cyber risk valuation: Show me the moneyJohn B. Sapp Cyber Security: A Peer-Reviewed Journal, 2017, vol. 1, issue 1, 92-94 Abstract: Historically, qualitative risk analysis has been the method utilised by information security professionals and risk managers to identify and prioritise the risk associated with the use of IT systems in business operations to meet business goals and objectives. That is changing – with the C-suite and Board of Directors across the various industries, as well as public and private sectors, considering the increasing volume and cost of data breaches as a significant business risk, they are demanding the expression of cyber risk and the relative measure of risk or asset value based upon objective quantitative analysis. While probability and likelihood still factor into the equation, CISOs must now demonstrate the value they bring in securing the value of business by justifying the investments in cybersecurity technologies, processes and people in specific financial terms. ROI is nearly impossible to define, so the concept of cyber risk valuation is becoming more prevalent and is projected to be the primary means used by cyber insurance brokers to determine the level of cyber risk and cybersecurity maturity of an organisation when considering coverage options and policy exclusions. Keywords: cyber risk; value-at-risk; cybersecurity maturity; cyber risk reduction; cyber risk mitigation; cyber risk management (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2017:v:1:i:1:p:92-94 Access Statistics for this article More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.