FAIR Institute Membership Surges to More than 4,000 as Quantifying Cyber and Operational Risk Becomes a Top Business Priority

[fa icon="calendar"] Dec 17, 2018 11:51:08 AM / by Luke Bader

Luke Bader

Originally published on Globe Newswire December 17, 2018

80% of the Fortune 10, 75% of Fortune 50 and 30% of Fortune 1,000 Now Represented by FAIR Institute Members

RESTON, Va., Dec. 17, 2018 (GLOBE NEWSWIRE) -- The FAIR Institute, an expert, nonprofit organization led by information risk officers, CISOs and business executives to develop standard, quantitative information and operational risk management practices, announced today that membership now surpasses 4,000 people across 87 countries worldwide.

The rapid growth in members – up by more than one-third in less than six months – is an indication of the rising importance global businesses are placing on quantifying cyber and operational risk in economic terms. It adds emphasis to the role that Factor Analysis of Information Risk (FAIR), the only international standard value-at-risk model for cyber and operational risk, plays in making quantitative risk management programs possible.  The FAIR Institute educates the security and risk management communities on FAIR through educational programs, the annual FAIR Conference, its website, and thought leadership from FAIR champions and Jack Jones, FAIR Institute Chairman and original author of the FAIR model.

A look at the Institute’s membership base demonstrates the breadth of FAIR’s growing appeal:

  • 80% of the Fortune 10, 75% of the Fortune 50, 30% of the Fortune 1000 companies are represented in Institute membership
  • 20% of the member base is comprised of senior leadership in security and risk, including CISOs, Vice Presidents, Heads of Security, and C-Suite Executives from the largest companies in the world
  • Institute members come from 87 different countries

According to a recent article in The Wall Street Journal’s WSJ Pro Cybersecurity Newsletter, “Companies are moving to deploy methods to calculate the financial impact of cyber threats. Analysts say FAIR is gaining traction, especially among large corporations that already have experience with cyber risk analysis.”

The membership milestone caps a year of achievements for the FAIR Institute. In 2018:

  • The Global Resilience Federation (GRF), the umbrella group for the cyber threat intelligence sharing ISACs and ISAOs, formed a strategic partnership with the Institute to promote the awareness and proficiency on FAIR among its membership.
  • The SANS Institute started offering FAIR-based cyber risk analysis and quantification courses as part of its training portfolio.
  • The 2018 FAIR Conference was co-hosted by Carnegie Mellon University’s Software Engineering Institute (SEI) - attracting a record crowd.
  • CyberVista, the leading cybersecurity education and workforce development company, introduced FAIR to its board director training program.
  • The Institute added Advisory Board members Zulfikar Ramzan, CTO for RSA Security, and Kim L. Jones, Director, Cybersecurity Education Consortium, Arizona State University.
  • New local chapters of the FAIR Institute opened in Australia and South Africa, bringing the total number of chapters to 14 worldwide.

FAIR Institute Chairman Jack Jones commented, “We are thrilled to see the momentum building behind the FAIR model and to see the Institute grow at such a rapid pace. It speaks volumes to the fact that the information security community is finally abandoning the notion that cyber risk cannot be quantified. We are observing the same trends for operational risk. When virtually every aspect of the business is quantitative, having the CISO or the head of Ops Risk give red/yellow/green heat maps is debilitating to decision making. With the continued growth of the FAIR community and the help of its champions, we are moving closer to the day when businesses can finally see cyber and operational risk through a financial lens and make business decisions accordingly.”

About the FAIR Institute
The FAIR Institute is an expert, non-profit organization led by information risk officers, CISOs and business executives, created to develop and share standard information risk management practices based on FAIR. Factor Analysis of Information Risk (FAIR) is the only international standard analytics model for information security and operational risk. FAIR helps organizations quantify and manage risk from the business perspective and enables cost-effective decision-making. To learn more and get involved visit:

Luke Bader
Director, Memberships and Programs

Topics: FAIR Institute

Luke Bader

Written by Luke Bader

Luke Bader is Director, Membership and Programs for FAIR Institute


Subscribe to Email Updates

Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts