In the past five months, the FAIR Institute has been growing as the fastest pace yet! In under three years since the founding of the Institute, membership has now officially surpassed 4,000 members and we gained our most recent 1,000 members in only 5 months.
Read the press release:
FAIR Institute Membership Surges to More than 4,000 as Quantifying Cyber and Operational Risk Becomes a Top Business Priority
There are no signs of slowing down! Every day, more and more risk professionals are joining the community to gain expert knowledge on Factor Analysis of Information Risk (FAIR) and how to effectively manage risk at their organization.
And with each passing day, recognition for FAIR across the industry continues to grow. Take for example the fact that FAIR made its way to the Version 7 of the SANS CIS Controls poster as part of the Five Keys for Building a Cybersecurity Program -- and that 2019 will see a number of SANS training events all around FAIR.
A look into our membership base shows the signs of far-reaching FAIR adoption; there are FAIR members across the largest companies around the world:
- Institute members come from 87 different countries
- 20% of the member base is comprised of senior leadership of security and risk, including CISOs, Vice Presidents, Heads of Security, and C-Suite Executives from the largest companies in the world
- Nearly 30% of Fortune 1000 companies are represented in Institute Membership
- 8 of the Fortune 10 organizations have members in the Institute
- 75% of the Fortune 50 are member organizations of the FAIR Institute
Luke Bader is Director, Memberships and Programs, for the FAIR Institute
Here are some more highlights from the past five months:
We hosted the largest FAIR Conference ever at Carnegie Mellon University in partnership with the Software Engineering Institute (SEI). SEI’s process to assess risk, OCTAVE, endorsed FAIR in saying that it can be “used in conjunction with the latest version of OCTAVE to provide a complete qualitative and quantitative picture of organizational risk.” With over a dozen sessions and a multitude of speakers, this year’s FAIRCON was the best yet. Full recordings of the sessions and a photo gallery are being posted every week and are available to Institute Members on LINK.
We have recently announced two major partnerships with expert organizations that have bought into FAIR and are endorsing it in their work:
CyberVista, the leading cybersecurity education and workforce development company known for its board director education work has aligned the curriculum of its popular Resolve cybersecurity training and its new Digital Cyber Risk Program, with FAIR to make learning the framework more accessible.
Global Resilience Federation (GRF) and the FAIR Institute announced in October that they have formed a new strategic partnership which will enable GRF members to quantify cyber risk and ascribe a currency value to the unique cyber risk surface of each member organization. The quantification of cyber risk in monetary terms is rapidly becoming a requirement and this partnership agreement provides GRF members with a discounted rate for training on the FAIR methodology, which for the first time, enables true cyber risk quantification.
In addition to new partnerships, we saw an increased call for FAIR and risk quantification from other groups and the media:
- Gartner, the influential technology consulting firm, has named “risk quantification and analytics” to its list of “critical capabilities” for integrated risk management (IRM), the latest endorsement for a FAIR-style approach to managing cyber risk based on financial analysis.
- In a LinkedIn post, Christine Lagarde, Managing Director of the International Monetary Fund, calls cyber risk not just a top risk but “a significant threat to the financial system” and cites a new IMF study that cyber-attacks could already cost banks close to nine percent of net income globally or around $100 billion on average a year.
- The Wall Street Journal says ‘FAIR Is Gaining Traction’ in cyber risk analysis in a recent article published in the WSJ Pro Cybersecurity Cyber Daily newsletter (subscription required). In profiling Charles Schwab’s implementation of a FAIR program, the Journal says, “Companies are moving to deploy methods to calculate the financial impact of cyber threats."
The leadership at the FAIR Institute is growing as well. We recently added two new members to our Board of Advisors:
- Zulfikar Ramzan, CTO, RSA Security
- Kim Jones, Director, Cybersecurity Education Consortium, Arizona State University
Both Zully and Kim are outspoken advocates for FAIR and quantification. Their presence on the Board has already been a huge addition for the community and the industry as a whole.
The FAIR Institute, in partnership with our sponsors launched the 2018 Risk Management Maturity Survey, an opportunity for cyber and information risk professionals to rate their risk management practices and benchmark their organizations against their peers. As respondent numbers grew, we are beginning down our path in creating a maturity timeline for the industry. Preliminary results were displayed in Jack Jones’ Keynote at FAIRCON, with the full results paper being released soon.
The message of FAIR has also been spreading around the globe! Two new local chapters have been launched recently in Sydney, Australia, the second in the country, and in South Africa, the first on the continent! The Institute also held its inaugural Federal Government Chapter Meeting in Washington, DC. Bringing together government and military officials from dozens of agencies, the Institute is committed to helping all of the branches of the federal government to learn more about the standard FAIR risk model. If you are interested in meeting and learning from FAIR experts in your area, join a local chapter today!
After all of these updates, you are probably asking yourself, “This is great, what next?” Well, we have partnered with our Technical Advisor, RiskLens, to give all FAIR Institute members a discount to their online FAIR Training Courses during the month of November. The original FAIR Fundamentals certification course and the newly created FAIR Analyst Learning Path provide both a conceptual foundation and a next level understanding to risk management professionals. For more information, please email us today to get the promotional codes.
If you aren’t a member of the FAIR Institute yet, it is high-time that you should be! Sign up for FAIR Institute membership (it’s free) and connect with FAIR practitioners around the world on our Link discussion boards.