Home » Cyber Risk Quantification Assessment
Category: Cyber Risk Quantification
Analytix provides analyses and quantification of organisations’ cyber risk with the aim to:
- Model your cyber risk environment (assets, relevant cyber threat communities, cybersecurity controls)
- Develop cyber risk scenarios (apply data regarding cyber control conditions and cyber threat activity)
- Run cyber risk scenario based simulations (calculate cyber risk loss exposure with Monte Carlo simulations and run sensitivity analysis to identify areas for improvement and cyber risk mitigation strategies and options)
- Generate cyber risk quantification and analytics reports (discover concentrations of cyber risk, track cyber loss exposure over time, and proactively manage your organisation’s cyber risk)
Our Cyber Risk Quantification assessment projects are executed involving the the following phases:
1. Initiate the Risk Analysis
2. Scope/Plan the Risk Analysis
3. Execute the Risk Analysis
4. Report Risk Analysis Results
Regardless of the purpose, all cyber risk analyses exercises will go through the initiation, scoping, planning, execution, and informing phases of the analysis. The purpose of the risk analysis will ultimately dictate which steps are taken within the execution phase: Greenfield analyses, analyses used to evaluate risk to transfer or insure, and analyses in support of other regimes will not need to complete all the steps within it, while analyses for remediation projects or alternative prioritization will complete all the steps. The steps within these phases are described in the following sections of this Guide and are depicted in Figure 1.
While the steps taken may vary, all these categories of risk analysis share an identical goal:
- To assist with effective decision-making, which is why the final phase for every risk analysis purpose is informing the decision-maker.
The Open FAIR cyber risk assessment methodology follows a bottom-up approach. That is, it focuses on ensuring that the cyber risk analyses are completed using an accurate model; using an accurate model helps ensure that measurements are indeed meaningful and, therefore, can be used to make effective comparisons.
These comparisons lead to informed decisions and ultimately allow decision-makers to make effective decisions.
Open FAIR, an International Standard – Our cyber risk analysis service leverages the Open Group’s Factor Analysis of Information Risk (Open FAIR) cyber risk quantification model and methods. Open FAIR provides a standard definition of and taxonomy for information security risk and is an international standard of the Open Group that has undergone due diligence reviews by industry leading organisations.
By applying a consistent the well defined Open FAIR standard that breaks the components of information risk into their individual factors, organisations are able to consistently define and manage cyber risk. Today FAIR is used by organisations around the world, including many Fortune 500 companies
Use Distributions and Simulations with Expert Data – Our consultants use Cyber Risk quantification software that utilises betaPERT distributions and Monte Carlo simulations to meaningfully your quantify cyber risk, even from limited subject matter expert data. Both methods have been in use for decades by businesses and academics to model data and drive better-informed business decisions
Combined with Open FAIR and with today’s available computational power, the risk analysis software is able to provide practical cyber risk quantification to organisations
Our cyber risk analysis approach provides multiple view through which to view and better understand your organisation’s cyber risk landscape.
- Set Cyber Risk Appetite and Control Thresholds
- View the results of a cyber analysis in the context of an organisation’s business goals and in the language the business speaks.
- Manage the your organisation’s risk appetite at the source of the risk components with full context
- Set risk appetite and risk thresholds for the entire enterprise or individual organisational units, forms of loss, and asset classes
- Set control thresholds for asset classes and receive automatic notification if the reported capabilities for an asset class are deficient or the loss exposure for an asset class is above the threshold
- Powerful Comparisons
- The risk analytics components of the cyber risk quantification reports provide a variety of powerful comparisons for the full exploration of an analysis
- Compare loss exposure for any component within an analysis: Forms of Loss, Departments, Asset Category, Asset Class, Threat Actors, Individual Scenarios and more
- Track the organisation’s cyber loss exposure over time for the entire organisation, its departments and asset classes
- Explore and report all components of a cyber risk analysis with an analysis’ of cyber risk scenarios that allows for the comparison of loss exposure, loss event frequency and vulnerability
Key Benefits
- Establish a consistent, sustainable approach to an cyber risk management lifecycle
- Execute cyber risk and cyber threat assessments and manage issues related to cyber risk assessments
- Quantify cyber risk in financial terms
- Assess the efficacy of cyber risk programs
- Prioritise top risk reduction opportunities for investment
- Identify the areas of loss to support cyber insurance strategies
Train Your Team In-house
Frequently Asked Questions
Use our FAQ to quickly find the answers to the most common questions asked by customers.
Why choose us?
We have over 22 years of experience in helping businesses and employees reach their potential with advanced skills and certifications, no matter what their industry or background experience.
All our services are bespoke, which means we offer the freedom and flexibility to create a solution specific to your industry & training needs.
We can use one or more of our services to deliver the outcome required to gain the maximum results for your business.
Specialist Consultancy Services
We offer a free introductory consultation service, to get an understanding of your organisation, your working environment & your training needs.
Our expertise & experience, combined with your working knowledge, delivers results that are practical & specific to your needs.
Training That Works
We have been involved in many differing, diverse & interesting projects & we have built relationships with organisations from varying industries & sizes. Our efficient, cost-effective and engaging training courses are designed for your company and team to improve the overall business performance and equip employees with up-to-date skills and knowledge.
Talk to us today, and let us help you develop your team with our bespoke training and consultancy services.
Do you only deliver training in Johannesburg?
No, we deliver training in all 9 provinces within South Africa. We have also delivery training in several countries such as Belgium, The Kingdom of Saudi Arabia, Togo, Zambia, Rwanda, Tanzania and Swaziland.
What are the minimum and the maximum number of candidates we can train in-house?
The minimum number of candidates required for in-house training is 6. With regard to the maximum number, this depends a little on the size of the training room you have available, but we normally say between 15 – 25.
Can you tailor the course to our specific requirements?
Yes, all of our courses can be tailored to your requirements. We will aim to refer to working examples within your business or industry.
Who are your clients?
Our clients come from companies and organisations of all sizes within the public and private sector. We work in most industries and have a proven track record of delivering high levels of customer satisfaction. See some of the names we have worked with here.

Instant Purchase in 4 easy steps!
- Pay with card
- Receive an instant download link
- Click on the download link
- Files download straight to your PC