Quantifying Cyber Risk
Despite facing ever-increasing cyber risks, financial institutions are still finding it challenging to understand and measure their cyber exposures. Unlike other operational risks, data surrounding cyber is limited. And both the technology and the perils associated with it are constantly evolving.
Our new briefing, Finding the Elusive Cyber Loss Curve Can Pay Big Dividends for Financial Institutions, argues that the qualitative frameworks traditionally used to measure cyber are no longer sufficient for the financial sector. Instead, organizations need to obtain credible quantitative estimates for both the severity and likelihood of different cyber risks that can cripple their operations. One method to quantify cyber — developing a cyber-specific loss curve — can help financial companies develop a meaningful capital risk framework for cyber.