Reston, VA, Nov. 10, 2020 – In a sign of the growing movement towards quantitative risk management, the FAIR Institute, the expert, nonprofit organization advancing Factor Analysis of Information Risk (FAIR™), the international standard for cyber and operational risk analysis and quantification, has reached the milestone of 10,000 members in under 5 years.
Institute members come from 118 countries and represent 40% of Fortune 1000 companies and 25% of Forbes Global 2000 organizations. Members also represent 20 different US federal agencies and participate in 23 local chapters around the world. In 2019, the FAIR Institute was recognized by SC Magazine as one of the three most influential security industry associations of the last 30 years.
It's been a year of growth and recognition for FAIR and the FAIR Institute. In 2020,
- The National Institute of Standards and Technology (NIST) recommended risk quantification and FAIR in a new standard for integrating cybersecurity with enterprise risk management (NISTIR 8286).
- Committee of Sponsoring Organizations (COSO) issued its first guidance document on applying the widely used COSO Enterprise Risk Management Framework to cyber risk management and recommended the use of FAIR.
- The National Association of Corporate Directors (NACD) Cyber Risk Oversight Handbook also endorsed the use of quantitative risk models including FAIR.
- The FAIR Institute and HITRUST® launched an effort to integrate FAIR with the HITRUST CSF, the cybersecurity controls framework in use at hundreds of thousands of organizations.
- More than 2,000 risk, security and business management professionals attended the 2020 FAIR Conference, the premiere global quantitative risk management conference, a record attendance figure.
- More than 1,000 risk professionals learned to apply FAIR risk quantification at Institute-sanctioned training courses.
FAIR Institute Founder and President Nick Sanna commented that “The FAIR Institute’s growth to 10,000 members and its transformational impact in the risk management industry exceeded our wildest expectations.
“It is a sign of the growing need for organizations to factor risk in business decision-making, especially at a time when many are accelerating digital transformation initiatives and asked to reduce cost at the same time.
“I am very grateful for the generous contributions provided by our members and sponsor organizations and we look forward to continuing to work for the advancement of the risk profession and the establishment of internationally recognized and standard risk modeling and quantification practices.”
About the FAIR Institute
The FAIR Institute is an expert, non-profit organization led by information risk officers, CISOs and business executives, created to develop and share standard risk management practices based on FAIR. Factor Analysis of Information Risk (FAIR™) is the only international standard analytics model for information security and operational risk. FAIR helps organizations quantify and manage risk from the business perspective and enables cost-effective decision-making. To learn more and get involved visit: www.fairinstitute.org.
Director, Memberships and Programs