Every year, we count the page views for the FAIR Institute blog posts released in the year for a read on the interests of FAIR practitioners and FAIR fans – the most thoughtful and forward-looking risk officers, cybersecurity leaders and business executives around.
The message of this year’s most popular posts comes through loud and clear. Blog readers were most often looking for ways to mature their FAIR programs by grounding them in models, standards and frameworks that are reliable and repeatable – and closely align cyber risk management and business objectives.
Of the top 10 blog posts published in 2025, six covered standards and frameworks. Special mention to Todd Tucker, Managing Director of the Institute, for writing many of these blog posts that together make a roadmap to building a successful FAIR risk management program.
Here’s the leaderboard, in order of page views.
1. A FAIR Framework for Effective Cyber Risk Management
The post that ran up the most page views by far detailed the integration of the FAIR Model, FAIR Controls Analytics Model (FAIR-CAM), and FAIR Materiality Assessment Model (FAIR-MAM) into a new framework (see the image above).
2. Announcing a FAIR Taxonomy for Cyber Risk Scenarios
This guide provided a standardized taxonomy for cyber risk scenarios, ensuring analysts and decision-makers can “consistently define risks, develop risk registers, and prioritize scenarios.”
3. FAIR Case Studies from Mastercard, Maersk, Virgin Media - FAIR Inst Europe Summit
Experienced FAIR practitioners sharing success stories with the community - that’s the appeal of both FAIRCON and the annual Europe Summit, held in 2025 in London.
4. Looking Ahead to 2025: Cybersecurity Trends and the FAIR Institute’s Plans for the Future
Promises made and kept: This post announced that the FAIR Institute would focus on building out the body of knowledge of the FAIR family of standards – and release a State of Cyber Risk Management report, an authoritative look at best practices in FAIR program building.
5. Announcing the FAIR Cyber Risk Management Program (FAIR-CRMP) Standard v1.0
“A first-of-its-kind standard that defines what a comprehensive and business-aligned cyber risk management program should look like when built on FAIR.”
6. Why I Failed the AIGP Exam - And You Should Too
We welcome blog post contributions from members, and this one from FAIR Institute Atlanta Chapter Chair Donna Gallaher turned a lot of heads. Donna “flunked” because of a fundamental disconnect between what industry needs for AI risk governance and the “utopian” standard certification test for AI risk managers.
7. Manus AI Isn't the Risk, How You Use It Is: Navigating Autonomous AI with FAIR-AIR
The panicky buzz around the Chinese agentic AI capable of autonomous task execution and logical reasoning prompted this cautionary blog post, arguing for cutting through the hype and applying a structured approach with FAIR-AIR (Factor Analysis of Information Risk for AI – see the image above).
8. Taming Agentic AI risks with FAIR-CAM
A creative application of the FAIR Controls Analytics Model (FAIR-CAM) to analyze risk dynamics between AI agents and their human users, written by Sydney Institute Chapter Co-Chair Denny Wan. We are sad to add that Denny passed away in 2025.
9. New Whitepaper: Use FAIR to Build a NIST CSF 2.0-Based Cyber Risk Management Program
Leveraging the CSF’s Govern function, this guide “defines implementation tiers that guide organizations in assessing their current governance maturity, establishing risk management policies and enhancing program effectiveness through a structured, scalable roadmap tailored to the organization’s unique risk profile..”
FAIRCON25 Posts Runners-Up
While the Top 10 list recognizes individual posts that shone, it's worth attention that collectively our coverage of the 2025 FAIR Conference scores high on the list. Two posts from FAIR movement thought leaders stand out:
Nick Sanna’s FAIRCON25 Welcome: the Future of Cyber Risk Management Starts Here - address by the Founder of the FAIR Institute
SAFE CEO Saket Modi FAIRCON25 Keynote: From Cyber Risk Quantification to ‘Decision Intelligence’ - address by the CEO of the Institute’s Technical Adviser
Become a FAIR Institute member for access to resources, discounts on training and conferences, and more benefits of joining the international FAIR community.
