Putting Monetary Value on Cyber Risk

Jack Jones, chairman of the FAIR Institute, Shares Strategies for Managing Risk

When it comes to making decisions around risk, the FAIR model is more useful for security leaders than the kind of measurements provided by cyber insurance companies, according to Jack Jones, chairman of the FAIR Institute.

While cyber insurers have good information on the effects of a breach and the losses that occur, that information does not cover all of the losses, because insurers only pay attention to the components of a loss covered by the policy.

What they also don’t have, Jones said, is great information about probabilities. They can talk about probabilities at an industry level, or for certain sizes of organization, but risk varies from one organization to another based on their unique characteristics and security controls.

In this interview with Information Security Media Group at the London inaugural summit of the FAIR Institute, Jones discussed:

  • The risk landscape for security organizations;
  • Evaluating and identifying risk using the FAIR model;
  • Sound decision making about risk.

A thought leader in risk management and information security, Jones has been employed in technology for over 35 years, specializing in information security and risk management, including five years as a CISO for a Fortune 100 financial services company. Jones is the originator of the risk measurement model Factor Analysis of Information Risk (FAIR). He co-authored a book on FAIR entitled "Measuring and Managing Information Risk - A FAIR Approach," which has been inducted into the cybersecurity canon as a must-read for professionals in the industry. Jones also served on the ISACA task force that developed the RiskIT framework, and he led the ISACA group that developed the CRISC certification.

About the Author

Tony Morbin

Executive News Editor, EU

Morbin is a veteran cybersecurity and tech journalist, editor, publisher and presenter working exclusively in cybersecurity for the past decade – at ISMG, SC Magazine and IT Sec Guru. He previously covered computing, finance, risk, electronic payments, telecoms and broadband, including at the Financial Times. Morbin spent seven years as an editor in the Middle East and worked on ventures covering Hong Kong and Ukraine.
