An Introduction to the FAIR Materiality Assessment Model (FAIR-MAM™)

The FAIR Institute is releasing a new standard to help organizations assess the materiality of cybersecurity risk and incidents, called FAIR Materiality Assessment Model (FAIR-MAM™). FAIR-MAM™ expands the loss magnitude factor of the FAIR™ model, and provides a more detailed taxonomy and breakdown of loss categories driven by cybersecurity incidents.

The FAIR Materiality Assessment Model (FAIR-MAM™) is an open, financial loss model that enables organizations to:

• Quantify the impact of cyber incidents so they can quickly and reliably disclose legally defensible material risk on SEC Form 8-K
• Report financial risk internally to inform cybersecurity investment and management decisions for a full range of custom cyber risk scenarios
• Create a timeline of the multi-year lifecycle of the total cost of an incident

FAIR-MAM™ is also a standard that allows companies to report ‘comparable’ material financial costs related to cybersecurity incidents, a critical requirement for institutional investors.