Richemont’s New Approach to Cyber Risk Management: Defend the Value Chain with FAIR
Richemont Group, the parent company of Cartier and other luxury watch, jewelry and fashion brands, gave a presentation at the recent FAIR Institute Europe Summit in London that showed the broad applicability of Factor Analysis of Information Risk (FAIR™) for assessing risk across a diversified organization of 26 business units.
“Our complex environment is driving the need to have a structured and repeatable way to perform risk assessments across the Group,” Cyber Risk Specialist Pierre Olodo explained. The solution was FAIR.
As a starting point for a FAIR program, the team focused on the value chain, “how much (cyber) risk is associated with the lifecycle of a product.” Pierre’s example was the manufacturing and sales phases of a luxury watch. As always, the art of FAIR analysis comes down to defining and quantifying risk scenarios.
In manufacturing, for instance, they scoped a phishing scenario resulting in loss of availability in the production lines and intellectual property systems. Pierre showed how they took a deep dive into the four phases of the manufacturing process and shared how they gathered data for response and productivity costs, then ran Monte Carlo simulations to arrive at their average annualized loss exposure figures, the standard output of FAIR analysis.
From the Richemont presentation, FAIR Institute Europe Summit 2023
Pierre shared the parallel FAIR analysis journey on the sales side, covering the effect of loss of availability and confidentiality in their brick-and-mortar boutiques and e-commerce sites. Here they also dug deep, identifying different customer personas (new, loyal, etc.) and estimating how each might react to a cyber event, resulting in loss of sales.
Watch the video of this FAIR Institute Europe Summit presentation for a detailed look at how a FAIR program at the top of its game conducts quantitative cyber risk analysis.