FAIR Institute Blog

Experts debate the new 4-day timeframe to report on incidents as well as the definition of “material risk.”

Our readers are forward thinkers leading their organizations into new frontiers of the cyber risk landscape with FAIR quantitative risk analysis.

You aren't really measuring cyber risk if you are performing math on ordinal values assigned to vulnerabilities.

The impact of generative AI on phishing and how to quantify the resulting risk metrics with cyber risk quantification.

Explore real-world cyber risk scenarios involving the usage of LLMs and how to approach quantifying potential resulting loss metrics using Factor Analysis of Information Risk (FAIR).

How to introduce FAIR risk analysis and gain first victories in HIPAA compliance and more.

Watch out for solutions that offer too-simple aggregation of risk scenarios, black-box algorithms and other cautions from the creator of the FAIR model.

They generate numbers but are they cyber risk quantification, useful for prioritizing risks by loss exposure in dollars?

Cyber risks that aren’t risks, qualitative risk analysis pretending to be quantitative and more hazards.

Jack Jones wrote Understanding Cyber Risk Quantification: A Buyer’s Guide to help those looking to move up the evolutionary scale in risk management and communicate cyber risk in the non-technical, financial terms that business leaders demand.