FAIR Institute Blog

Promotes a “risk-based approach to security” and “Cybersecurity Economics” to help every organization develop a sophisticated cyber risk management program.

Provides a more detailed breakdown and description of the categories that contribute to Loss Magnitude -- and determine material risk.

Experts debate the new 4-day timeframe to report on incidents as well as the definition of “material risk.”

FAIR Fundamentals course gets updated, Institute will give certifications and new emphasis on continuing education targeted by industry and job position.

They took their company from no coherent cybersecurity program to quantitative risk management with buy-in from business leaders.

Our readers are forward thinkers leading their organizations into new frontiers of the cyber risk landscape with FAIR quantitative risk analysis.

Insurance data may not be useful for many CISO decisions as it doesn’t account for probabilities specific to the organization.

Stop spending millions on cybersecurity and hoping that cyber threats will go away – move to a quantitative, risk-based strategy.

Keep reporting simple but be ready to go into depth on your cyber risk quantitative analysis.

You aren't really measuring cyber risk if you are performing math on ordinal values assigned to vulnerabilities.