Best Practice
Consultancy & Training
Effective Governance, Risk, and Compliance (GRC) related programmes
Comprehensive portfolio of public and in-house training programmes

Analytix Announced the Availability of a Cyber Risk Quantification Assessment Service

Press Release: Analytix Launches Cyber Risk Quantification Assessment Service

13 August, 2018
Johannesburg, 13 August, 2018 – Analytix today announced the availability of a cyber risk quantification assessment service that will assist businesses to quantify their organisations' financial risk exposure to cybersecurity events.

According to Johan Botha of Analytix, “The Analytix Cyber Risk Quantification Assessment Service leverages the Open Group’s Factor Analysis of Information Risk (Open FAIR) model and methods, as well as risk quantification software, to assist IT-, Information Security- and Risk Managers to better communicate the impact of cyber risks in financial terms. The cyber risk quantification assessments will enable management and the board to:

  • Quantify cyber risk in financial terms
  • Visualise the impact of cybersecurity initiatives
  • Assess the efficacy of cyber risk programmes and investments
  • Prioritise top risk-reduction opportunities
  • Identify the areas of loss to purchase and optimise cyber insurance

"The amount of money companies spend on cybersecurity technology and control measures cannot guarantee that companies will not suffer a cyber incident. As boards of directors and executives increasingly question the effort and amount of money spent on cyber solutions, the focus is shifting away from chasing technologies and controls that address this or that specific threat, towards the more sustainable solution of understanding cyber risk and transferring it accordingly. 

The cyber risk question has shifted from: “What processes, controls and technology can we put in place to guarantee that we do not have a cyber breach?” to, “What is the likelihood that my company will suffer a cyber incident, and what is the associated value at risk of potential cyber incidents?”. Quantification of cyber risk in Rands and cents, is crucial to drive a meaningful and impactful cyber risk management mitigation strategy.," said Johan Botha, Managing Director, Analytix. "

"Common risk management practices are often a barrier to achieving strategic business outcomes. By proactively assessing risk appetite and the value of the desired business outcome, information security and risk management can transform digital risk management into a competitive advantage," according to Gartner[1].

The Analytix Cyber Risk Quantification Assessment Service provides information security and risk management teams with the ability to quantify and communicate their cyber needs in a language that business leaders can easily understand. This helps clarify priorities for security investments, and also helps with planning for cyber risk activities such as:

  • Initial cyber risk analysis of the current state
  • Analysis, quantification and transfer (cyber insurance) of cyber risk
  • Support of cyber risk qualification assessments and other risk regimes
  • Cybersecurity remediation project
  • Prioritisation of alternative cybersecurity projects

Typical cyber risk scenarios that could be selected to conduct cyber risk quantification assessments on, include the migration of an IT system to the cloud, web app attacks, patching, ransomware / malware events, Data Loss Prevention (DLP) improvements, data encryption, improving and/or adding cybersecurity controls, anti-phishing controls efficacy, justifying cybersecurity technology investments etc. The presentation and reporting of the results will depend not only upon the purpose of the cyber risk analysis but also on your personal and company organisational preferences. With this information, the decision-maker can determine what (if anything) should be done about the current risk. Where applicable, cyber loss flows will be quantified according the Open FAIR’s  cyber loss categories, including loss of productivity, response, replacement, competitive advantage, fines / judgements and reputation.


The Cyber Risk Quantification Assessment Service is available from Analytix with immediate effect. 


Analytix is a consultancy and training firm that assists organisations to understand, implement and comply with Governance, Risk and Compliance (GRC) related best practice standards. Analytix specialises in cybersecurity and cyber risk quantification, combining the NIST CSF and Open FAIR (Factor Analysis of Information Risk) standards and software to assist organisations to assess and quantify cyber risk.

[1] Gartner, How to Get Your CEO to Embrace Digital Risk Management, John Wheeler, August 2016, refreshed December 19, 2017

Source: Analytix

Related Links

Connect with Analytix via @AnalytixG or www.analytix.co.za

Monday, August 13, 2018