2. Estimate Return on Investment for Security Projects
Start with the baseline analysis you’ve generated for a top risk, then run what-if scenarios to game out the reduction in risk (in other words, the effect on frequency and magnitude of loss) in dollar terms that alternate security projects would provide. Compare those figures to the cost of the new controls or processes.
Cost/benefit analysis, again plotted against risk tolerance, gives executives a credible means to choose among projects.
Learn from this webinar with Jack Jones, creator of FAIR:
Changing Executive Priorities and Investments in Security with Risk Quantification
3. Make a Smart Purchase of Cyber Insurance
Cyber insurance premiums are going up and so are coverage exclusions. There’s no better investment in FAIR than running analysis of your top risks so you understand your maximum loss exposure. FAIR analysis is also a great tool for going line by line through the sub-limits in your policy and determining where you could add or reduce coverage or even self-insure, with an eye on risk tolerance. The data gathering you do for FAIR, such as your probable costs for fines and judgements or productivity loss, will serve you well here. FAIR’s Six Forms of Loss provide a structure for digging through the fine print.
Learn more: Cyber Insurance Market Is Tight. Protect Yourself with a FAIR Analysis
4. Cyber Due Diligence for Mergers and Acquisitions
Just as you do for your own organization, you can run FAIR analysis on an M&A target company, using estimates based on the target’s data disclosures or industry standard data to get as good a picture as possible of their top risks and critical assets. It puts context around a first-line-of-defense investigation (as in, how significant are any vulnerabilities discovered?). FAIR provides a structured way to figure cyber loss exposure for valuation of a merger candidate, and possibly a warning sign tell you to walk from the deal.
Try FAIR analysis for yourself with our FAIR-U training application
FAIR Training through the FAIR Institute - Learn from Expert Practitioners