Nick Sanna’s Keynote to FAIR Institute Europe Summit on Winning the Economics of Cyber Risk Management (Video)


FAIR Institute President Nick Sanna gave a sweeping address on the state of cyber risk management to open the recent FAIR Institute Europe Summit in Paris – and presented a mission statement for the FAIR community.

“This event is going to help us reflect on what it takes to address cyber risk as business risk,” Nick said. “This community’s goal is to help bridge that gap between technology and the business in ways it hasn’t been done before.”

Watch Nick Sanna’s Address to the 2023 FAIR Institute Europe Summit 

“If we treat cyber risk as a technology problem, we are going to do a lot of busywork…and not focus on the economics of the problem…The economics for the bad guys are improving,” for instance, with cheaper and better hacking services offered on the dark web.

Meanwhile, the defenders in many cases don’t understand the effectiveness or ROI of their defenses. “The reason we are here is to change that economics.”

Nick went on to cover current trends in cyber risk management:

>>Boards starting to demand more accountability from cybersecurity teams

>>Business leaders want cyber risk reporting that keeps pace with business decision making

>>Regulators requiring more quantitative risk assessments in the US (NYDFS, SEC), EU  (DORA, NIS2) and Jordan’s National Cyber Security Center

>>After mis-pricing ransomware policies, the insurance industry realizes it must move to better quantitative risk analysis.

To meet the challenges of the day, Nick laid out the ambitious research agenda of the FAIR Institute, including:

>>Developing the new extensions to the FAIR standard for more accurate measurement of cyber event losses (FAIR-MAM) and controls effectiveness (FAIR-CAM) to enable the next level of automation in cyber risk management

>>Exploring the frontier of risk management in artificial intelligence, particularly business application of GenAI, so that businesses can go safely faster 

>>Quantifying and automating the management of third-party risk, currently stuck with wholly inadequate tools such as questionnaires and outside-in telemetry.

>>Solving the cyber insurance problem

“Our research agenda is really rich,” Nick said. “There are a lot of smart people around the world who are focusing on these problems…This will take a village – risk is multidisciplinary…We need the contributions of practitioners, vendors, academics, regulators, and the wider government to work together as a system.

“Every time we meet,” Nick said to the FAIR Summit attendees, “we should see the progression moving forward to turn the tide on the economics.”

Watch Nick Sanna’s Address to the 2023 FAIR Institute Europe Summit 

Learn How FAIR Can Help You Make Better Business Decisions

Order today
image 37