Richemont is the parent to 26 luxury brands, all famous names in jewelry, watches, clothing, and accessories, each managed as a separate “Maison.” “When we wanted to compare risk within a business or across businesses, it was complicated” with qualitative measurement, Cedric De Carvalho, Head of Group Cyber Risk and Advisory, says.
So, he went looking for a methodology that met four requirements: Well-adapted and with an active user community, scalable for a big company, could be mapped to other cyber risk frameworks and with a standardized risk terminology. “The FAIR™ methodology was the only one that met all my requirements.”
Learn the fundamentals of FAIR with online training.
To learn how Cedric introduced FAIR to Richemont, take a look at his presentation at the 2021 FAIR Conference Practitioner Use Case Panorama, with one of the best set of slides I’ve seen for explaining FAIR at a high level to a business audience.
I caught up with Cedric in this Meet a Member conversation to learn more insights about launching and socializing a FAIR program in a complex corporate environment:
Benefits of the FAIR Cyber Risk Quantification Program at Richemont
To take one excerpt from our conversation, Cedric had a fresh take on the benefits of quantitative cyber risk management:
“The first benefit is not about quantification, it’s about the way that FAIR enables scoping a risk scenario…Without even talking about numbers, it enabled us to think about the way we articulate our risk register. Also, it makes risk more tangible to people.” Members of upper management have told Cedric that “it was easier for our stakeholders to feel concerned about cyber risk because they started understanding what it means for the business…
“Second, with this methodology, there’s no debate about what our top risks are. We are not using nonstandard risk metrics and choosing red, yellow, or green…
“Finally, it has also enabled us for the first time to express our uncertainty about risk…We may have bigger ranges in terms of accuracy but in the end, this is what we want to have, visibility for decisions.”
Network with and learn from FAIR practitioners like Cedric – join the FAIR Institute.