The respected annual Cost of a Data Breach Report from IBM recommends Factor Analysis of Information Risk (FAIR™) as one of the steps to “help minimize financial impacts of a data breach” and presents a case study of IBM’s own use of FAIR to quantify risk at a financial institution.
“The FAIR risk quantification methodology can help ascertain the probability of security incidents and calculate the associated costs in business value,” the report says in its recommendations section.
“Security is a business problem,” the report continues. “Board executives and business leaders want to know the likelihood of a cyber incident occurring and the impact to the company’s ability to produce and sell its products or services as well as the potential impact to the brand.”
IBM’s Risk Quantification Services leverage FAIR. “To quantify risk specific to your organization, IBM Security uses the FAIR model to estimate the probability of a data breach and size of the breach in financial terms,” the report says. The report shows sample results from a FAIR analysis of a data breach at a financial institution (see the screenshot below).
IBM became a sponsor of the FAIR Institute in 2021. You can meet IBM Security team members at the upcoming FAIR Conference.