Richemont’s New Approach to Cyber Risk Management: Defend the Value Chain with FAIR

London Summit 2023 - Pierre Olodo - Richemont 2Richemont Group, the parent company of Cartier and other luxury watch, jewelry and fashion brands, gave a presentation at the recent FAIR Institute Europe Summit in London that showed the broad applicability of Factor Analysis of Information Risk (FAIR™) for assessing risk across a diversified organization of 26 business units.

“Our complex environment is driving the need to have a structured and repeatable way to perform risk assessments across the Group,” Cyber Risk Specialist Pierre Olodo explained. The solution was FAIR.


Watch the video of the presentation:

Case Study for Cyber Risk Quantification in Luxury Watchmaking with Richemont

FAIR Institute Contributing Membership required to view.  Learn about membership


As a starting point for a FAIR program, the team focused on the value chain, “how much (cyber) risk is associated with the lifecycle of a product.” Pierre’s example was the manufacturing and sales phases of a luxury watch. As always, the art of FAIR analysis comes down to defining and quantifying risk scenarios. 

In manufacturing, for instance, they scoped a phishing scenario resulting in loss of availability in the production lines and intellectual property systems. Pierre showed how they took a deep dive in the four phases of the manufacturing process, and shared how they gathered data for response and productivity costs, then ran Monte Carlo simulations to arrive at their average annualized loss exposure figures, the standard output of FAIR analysis.

 London Summit - FAIR Institute - Richemont FAIR Analysis

From the Richemont presentation, FAIR Institute Europe Summit 2023

Pierre shared the parallel FAIR analysis journey on the sales side, covering the effect of loss of availability and confidentiality in their brick-and-mortar boutiques and e-commerce sites. Here they also dug deep, identifying different customer personas (new, loyal, etc.) and estimating how each might react to a cyber event, resulting in loss of sales.

Watch the video of this FAIR Institute Europe Summit presentation for a detailed look at how a FAIR program at the top of its game conducts quantitative cyber risk analysis.

Related:

FAIR Institute London Summit: Maersk Case Study on FAIR Analysis for M&A Risk - “Sometimes Talking Dollars Is Not Enough”

Meet a Member Podcast: Cedric De Carvalho of Richemont on Introducing FAIR to 26 Lines of Business

Learn How FAIR Can Help You Make Better Business Decisions

Order today
image 37