A recent survey by the Professional Risk Managers International Association (PRMIA) uncovered high frustration among risk professionals with data – the quality, usability, and general time suck required for the raw material of risk analysis.
Read the PRMIA Survey: Unlocking the Future of Risk Data Management
Problems with Risk Data
According to the survey:
- Data quality issues account for the top pain points of almost 60% of risk teams.
- 64% of risk teams spent most of their time sourcing, reconciling or transforming data for use in risk management systems.
- 75% said the biggest technological challenge is created by the number of different data formats and systems for risk data
- 51% said that improving the quality and timeliness of risk data is the most important strategic element of overall risk management
The Solution: Data Governance
What’s the underlying problem? The survey gives a clue: “Most firms only have a partial and siloed data management strategy across their organization.”
In a recent white paper for the FAIR Institute, Evan Wheeler, VP of Risk Management at NVDR, Inc. and a FAIR Institute Advisory Board member, made a strong case to start or improve a data governance process.
Evan laid out some basic tactics:
- Labeling your data is crucial (i.e., establish a data catalog with clear definitions for each data element)
- Create clear paths for data to flow through (i.e., know where the data is sourced from and how it is transformed along the way)
- Be able to govern changes in how data is calculated (i.e., managing changes to the methodologies for calculating and reporting metrics)
Check the white paper for a complete list of steps to better data management.
“Data is truly the lifeblood of the business, and it can be a costly mistake to delay implementing some basic data governance practices,” Evan wrote.
Read the white paper Data Governance Practices for Cyber Risk Management by Evan Wheeler
Learn more about data management and data quality best practices in two presentations at the 2021 FAIR Conference (FAIRCON21)
RiskLens data scientists Ben Gowan and Justin Theriot will present
“Case Study - Accelerating FAIR Analyses by 10x with Industry Data,” 2:00 PM, Wednesday, October 20.
Ben and Justin will discuss applying statistical and econometric modeling and FAIR analysis to cyber loss event data to create reliable projections of data breach costs. RiskLens presented the details on the model at the most recent conference of the Society of Information Risk Analysts: Estimating Financial Losses From A Data Breach: Log-Log And Logistic Regression With Bernoulli Trials And Monte Carlo Simulations.
David Severski, Senior Data Scientist, Cyentia Institute, will present
“Data Science for Practical Risk Management with Cyentia’s IRIS Retina”, 2:30 PM, Wednesday, October 20.
Retina is a service that provides risk managers with inputs and insights on all the factors for FAIR cyber risk quantification. For a taste of David’s presentation, see the presentation from last year’s FAIR Conference by Wade Baker, Ph.D., Partner and Co-Founder at Cyentia, on How to Find Data for Every One of the FAIR Factors.