Five FAIR practitioners and three FAIR-based risk management programs were honored with this year’s FAIR Institute Awards for their roles in Resetting Cyber Risk in the Age of AI, the theme of the 10th Annual FAIR Conference, Nov. 4-5, 2025, the global gathering exploring Factor Analysis of Information Risk (FAIR), the standard for cyber risk quantification and risk management.
The awards were presented last night at a gala dinner in New York attended by more than 600 conference goers.
The pace of change in technology and its corresponding cyber risks has never been faster and cyber risk management (CRM) is evolving to meet the challenge.
This year’s sold-out FAIR Conference covered the many drivers advancing the reset of CRM: continuous risk monitoring, data-driven risk analytics, integration across silos and more elements encompassed in the FAIR Cyber Risk Management Program (FAIR-CRMP) Standard.
Here are the FAIR Institute Award winners and finalists for 2025:
Robert Allen, Institute Founder Nick Sanna and Robert Jordan
Cyber Risk Executive of the Year
Honors CISOs and senior executives who demonstrate outstanding leadership in aligning cybersecurity with enterprise risk and business strategy, delivering measurable improvements in outcomes, and influencing business stakeholders.
Winners
Robert S. Allen, Global CISO and Responsible AI Officer, Gallagher
Robert created an enterprise-wide FAIR program for this global leader in insurance risk management and consulting, informing Board reporting and investment decisions and enabling over $300 million in measured risk reduction,
David Jordan, SVP & CISO, IHG Hotels & Resorts
David led the evolution of cybersecurity at this international hotel organization to a strategic, risk-driven function using FAIR-based analysis, automation and continuous measurement, operating through a Global Center of Excellence. Learn more in a blog post: IHG Shares Its Story of Scaling FAIR.
Finalists
- Mohammad Arif, Head of Information Security (CISO), Guild Group
- James Bowie, VP & CISO, Tampa General Hospital
- Marina Spyrou, Chief Information Officer and Chief Information Security Officer, Multinational Healthcare Company
Cyber Risk Management Program of the Year
Recognizes teams that run mature, quantitative cyber risk programs with clear governance integration, measurable outcomes, and a track record of enabling better business decisions.
Winner
Richemont (Pierre Olodo, Cyber Risk Manager)
From a single analyst generating qualitative analysis four years ago, this luxury retail group, grew its risk management staff and FAIR capabilities to extend to all 25 major business units. The quantitative approach drew C-level executives into risk discussions for the first time. Learn more about FAIR at Richemont in this webinar.
Finalists
- Athenahealth (Salil Aroskar, Senior Manager, Cyber Risk Management, and Carolyn Wakefield, Executive Director, InfoSec)
- Guild Group (Mohammad Arif, Head of Information Security [CISO])
- Tampa General Hospital (Dan Holland, Deputy CISO)
- Zscaler (Francisco Igual, Sr Director Cyber Risk Management, Zscaler)
Excellence in Third-Party Risk Management
Recognizes organizations at the forefront of managing vendor risk with quantitative analysis, continuous risk monitoring and measurable outcomes.
Winner
UPMC (Ryan George, Sr. Director, IT Security)
With FAIR-based quantitative risk management, this healthcare provider and insurer has continuously worked with vendors to reduce financial loss exposure by purging data, with risk reduction of close to $217 million.
Finalist
- CarGurus (Abhishek Iyer, Manager, Information Security Risk and Compliance)
Jay Vinda
Cyber Insurance Innovation
Spotlights the application of FAIR principles and techniques to drive efficient pricing of premiums and tailored coverage.
Winner
Mosaic Insurance (Jay Vinda, Global CISO & Cyber Risk Engineering Lead)
Jay’s team at Mosaic has pioneered FAIR-based risk quantification and telemetry-driven underwriting. By quantifying exposure in dollars, Mosaic can reward increases in resilience with premium reductions.
Finalist
- Zurich Insurance (Andreas Schmitt, Global Cyber Underwriting Manager)
Denny Wan FAIR Ambassador
Renamed in 2025 in honor of Denny Wan, a beloved FAIR Institute member, chapter co-chair, and 2024 award recipient, these awards recognize members who champion FAIR through advocacy, mentorship, education, and community-building.
Prometheus Yang
Denny Wan FAIR Ambassador (APAC)
Winner
Prometheus Yang, Co-Founder, Taiwan Risk Governance and Measurement Association
Prometheus co-founded the FAIR Institute Taiwan Chapter and has educated 500+ APAC practitioners through webinars and chapter events. He created bilingual CRQ guides and case-study workshops, transforming FAIR into actionable executive playbooks.
Finalists
- Mohammad Arif, Head of Information Security, Guild Group
- Deepak Talwar, Chief AI and Cyber Security Officer, AsteriaVisions Pte Ltd
Laura Voicu
Denny Wan FAIR Ambassador (Europe)
Winner
Laura Voicu, Principal Security Assurance, Elastic
The Co-Chair of the FAIR Institute Swiss Chapter, Laura was an early advocate for FAIR in Europe, first applying the model in 2018 at Swisscom. Laura has contributed content to ISACA Journal and other publications advancing FAIR, with an emphasis on practical adoption. She brings the discipline of a Ph.D. in data science, machine learning and decision science to the FAIR community. Read a blog post by Laura: Bringing Financial Discipline to Cyber Risk Decisions.
Finalist
- Pierre Olodo, Cyber Risk Manager, Richemont
AJ Anand
Denny Wan FAIR Ambassador (North America)
Winner
AJ Anand, Director of Transformation Services, Global Security, ADP
ADP was a very early FAIR shop, and AJ took instruction directly from FAIR creator Jack Jones as far back as 2014. As Co-Chair of the New York Metro Chapter of the FAIR Institute, he has hosted many chapter meetings and actively promoted FAIR at regional industry events. He also serves on the Institute’s Education Advisory Committee.
Finalists
- Abhishek Iyer, Manager, Information Security Risk and Compliance, CarGurus
- Jimmy Lummis, Director of Cyber Risk Management, IHG
- Akshay Mittal, Member of Technical Staff - Software Engineer, PayPal
Please join us in applauding these outstanding members of the FAIR Community, resetting cyber risk management, the FAIR Award winners of 2025.
FAIR Institute Crew at FAIRCON25: Luke Bader (Director, Memberships and Programs), Bernadette Dunn (Director, FAIR Enablement), Todd Tucker (Managing Director)
Note: A special thanks to our 2025 FAIR Institute Awards judges:
Chon Abraham, Professor, William & Mary
Brian Allen, Managing Director and Author, AI RegRisk Think Tank
Alexander Antukh, CISO, AboitizPower
Glen Armes, Virtual CISO, Armes Vantage
Brandon Bapst, Cyber Risk Advisor and Author, EY
Mathias Bücherl, Group CISO, Heidelberg Materials
Tom Callaghan, Co-Founder and Managing Director, C-Risk
Zach Cossairt, Senior Director, Risk Advisory, SAFE Security
Michelle Griffith, VP, Security GRC, IHG Hotels & Resorts
Dana Haubold, Independent CISO / Cyber Security Advisor, United Arab Emirates
Caleb Juhnke, Global Head of Cyber Risk Management, Elsevier
Omar Khawaja, Field CISO, Databricks
Tony Martin-Vegue, Cyber Risk Consultant and Author
Rob Moore, VP, Technology Risk Management, Mastercard
Ben Moreland, Risk Practice Director, GuidePoint Security
Mike Radigan, Cyber Risk Advisor, Cisco
Nick Sanna, President and Founder, FAIR Institute
Krishna Sheshabhattar, Head of Governance, Atlassian
Daniel Stone, Director, Protiviti
Todd Tucker, Managing Director, FAIR Institute
Michael Vallone, Director, Global Head of Cyber Risk Solutions, Booz Allen Hamilton
Read our blog post coverage of the 2025 FAIR Conference
