Nick Sanna is Founder and President of the FAIR Institute
Recognition of FAIR as the standard model for defining and quantifying cybersecurity and operational risk and interest in learning about the FAIR model hit a critical mass last year:
Membership in the FAIR Institute passed 10,000, less than five years after the Institute’s founding. Members represent over 40% of the Fortune 1000, in 118 countries, a clear sign that the desire to better assess risk is on the map of an increasingly large number of organizations.
In 2020, leading industry organizations recognized and recommended FAIR as a standard for improving risk assessment and security budget prioritization:
On the heels of a very difficult year, with the pandemic disruptions and a dramatic increase in cyber attacks, government and private enterprise organizations are looking for ways to improve their long-term risk posture and defense capabilities. With a more remote workforce and many new business and customer-facing services moving online, the footprint exposed to attack is only getting bigger.
As never before, organizations must prioritize the digital risks that matter most and allocate budgets where they can have the biggest effect on meeting acceptable risk levels and business goals. The days when you could wing it by applying best practices across the board are gone – the level of threat activity and the number of vulnerabilities are just too large. You must prioritize, cost-effectively!
Our friends at Gartner reported a record interest in cyber risk quantification and digital risk management in 2020 not only by CISOs but increasingly by business leaders, driven by the simultaneous need for supporting new digital initiatives and reining in cybersecurity cost. What apparently is holding most back is understanding how to do it.
Gartner Research Director Khushbu Pratap spoke at the 2020 FAIR Conference on the Drivers for Cyber Risk Management and Digital Transformation
Cyber risk executives and business leaders with security oversight will have a huge role to play this year. As a center for collaboration, we at the FAIR Institute will continue to support them with education on the FAIR standard, awareness of best practices and FAIR-based solutions that can help them better align cybersecurity with business objectives.
To all the members of the FAIR community around the world, I wish you a Happy New Year!