Nehemiah Security, the industry leader in automated cyber risk quantification, announces the general availability of Risk Quantifier™ version 3.4, a powerful SaaS solution to continuously measure and assess the magnitude of an organization’s financial losses associated with cyber risk designed to serve enterprise clients with multiple business lines.
Risk Quantifier (RQ) enables more actionable cyber risk governance that leads to optimized operations and technology, resource, and process investments. RQ enables customers who have adopted the Factor Analysis of Information Risk (FAIR™) framework to rapidly deliver financial and business risks for enterprises by reducing what previously could take a substantial effort in labor hours across months to a matter of hours or days. This is possible because RQ applies expert risk and financial data, obtained and curated from the broadest and most current market information to a model of your IT controls. RQ next incorporates that data into cybersecurity frameworks like NIST and MITRE ATT&CK™ to measure the effects of controls, the projected impacts of threats, and the magnitude of financial impacts over time. Customers are then able to critique and refine the open model to better reflect their needs.
“RQ continues to evolve not only as our customers mature in risk understanding, but also as the universe of actual loss data, resulting from corporate data breaches around the world, expands,” said Jerry Caponera, Vice President of Product and Cyber Risk at Nehemiah Security. “Our enterprise clients have a continued need to manage cyber risk as a business risk, and our continued efforts to monitor privacy regulations across the globe, to gather intelligence about the most current threats and TTPs, and to codify the data and analysis into a platform that performs the heavy lift for their risk teams are delivering results.”
New features included in Risk Quantifier version 3.4 include:
- Empowering users to quickly assess the three most important questions regarding cyber risk: What is my financial exposure? How likely am I to be hit? Can my defenses adequately prevent an attack from succeeding?
- Visualization of systemic risk factors that are shared across lines of business or inherited from the corporate level to a particular line of business.
- Providing updated Board-level scenarios dashboard with guidance related to the three most significant “what if” factors:
- What if the magnitude of the total financial risk changes? (What are our predicted maximum losses?)
- What if the probability of cyber attack by type on our organization changes? (What are the chances of our company being the target of a particular attack?)
- What if the attack is successful given the current and forecasted state of IT controls?
With the introduction of version 3.4, Nehemiah RQ will be offered in two packages: single business unit loss & risk prediction and enterprise-wide loss & risk predictions.