Posts
-
May 25th, 2022
Lessons in Communicating Cyber Risk to the Board and Business Leaders
Business leaders are not always technically-focused, so it is important for security teams to examine how they are communicating risk to leadership and ensure those methods are being effectively recei
-
Apr 26th, 2022
The Power of Combining Outside-In and Inside-Out Cyber Risk Quantification
ThreatConnect is excited about the partnership with SecurityScorecard for their Cyber Risk Quantification (CRQ) solution powered by ThreatConnect Risk Quantifier (RQ). Applying ThreatConnect’s s
-
Apr 13th, 2022
The Importance of Assessing & Communicating the Financial Impact of Cyber Risks
Just as a captain would navigate their ship across vast oceans, it’s the responsibility of business leaders to determine the direction of the overall corporate strategy. To do this effectivel
-
Jan 25th, 2022
Let’s talk about CFOs and Cyber Risk
If you have read my previous three blogs in this ‘Let’s talk’ series, you’ll know that we’ve talked about our conversations with CISOs and CIO – and now it’s time to turn our attenti
-
Jan 21st, 2022
Let’s talk about CIOs and Cyber Risk
In our previous blog, we looked at how cyber risk quantification (CRQ) can help CISOs and their teams to address some of the most pressing cybersecurity issues today. But change requires buy-in, so cr
-
Jan 19th, 2022
Let’s Talk About CISOs and Cyber Risk Quantification
Chief Information Security Officers (CISOs) serve a critical role in protecting their business from internal and external threats. They need to design and implement the right resources to mitigate gro
-
Jan 14th, 2022
4 Key Drivers Accelerating Cyber Risk Quantification
If you’ve attended any of our webinars on Cyber Risk Quantification (CRQ) in recent months, you’ll know that this is a topic I love talking about! You’re either thinking this is not true, or Iâ€
-
Oct 18th, 2021
FAIR and RQ: It’s time to evolve the conversation
I can’t wait until the day when cars can fully drive themselves. While I love driving I hate wasting time in traffic. And the number of accidents caused by human error is significantly larger than a
-
Sep 23rd, 2021
CRQ Isn’t Done Well: A Review of NIST’s Report on Integrating Cybersecurity and ERM
It’s been almost a year since the National Institute of Standards and Technology (NIST) issued its internal report on “Integrating Cybersecurity and Enterprise Risk Management (ERM).” I
-
Sep 17th, 2021
Bitsight’s Acquisition of VisibleRisk: A View From The CRQ World
This week, Bitsight raised $250 million from Moodys and acquired cyber risk quantification company VisibleRisk. The move certainly makes sense for Bitsight, but what does it mean for the cyber risk qu
-
Sep 14th, 2021
It’s Time to Flip the Script on How We Measure and Communicate Cyber Risk
The U.S. Securities and Exchange Commission (SEC) recently signaled its intent to get much tougher on companies when it comes to their management of cyber risk and inadequate disclosure of cybersecuri
-
Aug 3rd, 2021
Are Critical Infrastructures Ready For The New Federal Cybersecurity Standards Initiative?
President Joe Biden signed a National Security Memorandum last week that establishes a new Industrial Control Systems Cybersecurity Initiative to develop a voluntary set of standards for the nation’