TUV Rheinland OpenSky Announces Launch of Cyber Risk Quantification as a Service in Partnership with RiskLens
TUV Rheinland OpenSky and RiskLens partner to deliver comprehensive Integrated Risk Management Services for organizations struggling with cybersecurity risk exposure across all sectors.
Cologne, Germany; Littleton, MA; and Spokane, WA; U.S. – January 24, 2019: TUV Rheinland OpenSky, a wholly owned subsidiary of TUV Rheinland, and RiskLens, the leading provider of cyber risk quantification (CRQ) software and cyber risk management solutions, announced today that they are partnering to bring Cyber Risk Quantification as a Service to organizations across all sectors. The new TUV Rheinland OpenSky offering is powered by the RiskLens Software as a Service platform. RiskLens is the only enterprise platform purpose built on the Factor Analysis of Information Risk (FAIR) model. FAIR, backed by the FAIR Institute, is the de facto cyber risk quantification methodology trusted by more than 30% of the Fortune 1,000 and 75% of the Fortune 50.
Cyber Risk Quantification as a Service allows TUV Rheinland OpenSky to provide FAIR analysis on the risks that clients face during their digital transformation journey. New technology, new business to business ecosystems, growing privacy concerns and varying threats create numerous potential loss scenarios. TUV Rheinland OpenSky can help clients identify and analyze those risks using information from assessments, scans and testing using frameworks such as ISO 31000 and NIST 800-30. They can also identify key controls that reduce most of the risk across common loss scenarios.
From there, new questions arise: What is an appropriate amount to spend to treat this risk? What should our cyber insurance cover? How much of my budget should be apportioned to an initiative?
Heat maps with red, yellow and green results do not answer those questions. This service offering does. TUV Rheinland OpenSky’s FAIR-certified consultants will provide annualized loss expectancy to answer those questions and others using information from your experts and information. They can even tie in information from their clients’ GRC data and integrate quantification of risks into GRC-based risk registers. CSOs in programs that have tied in FAIR acknowledge that management decision support in security simply did not exist like it does now.
According to Anish Srivastava, CEO and President of TUV Rheinland OpenSky, “The RiskLens platform is a crucial component of security management decision support. Our clients are not only challenged with reporting up to the board, but also making the security case to the investment committee, rationalizing their security portfolios, and rightsizing remediation plans. The FAIR methodology, with true data integration, is timed well in a climate where compliant organizations continue to be compromised by a broad category of losses. We offer our clients services and solutions that empower them in determining the allocation of precious resources.”
According to Nicola (Nick) Sanna, CEO of RiskLens, “TUV Rheinland OpenSky is a strategic advisory, consulting and integration services partner assisting large enterprises in building GRC and risk management programs based around the FAIR standard and now the use of the RiskLens software platform. RiskLens global reach and proliferation into operational technology (OT) and Internet of Things (IoT) manufacturers through TUV Rheinland OpenSky’s trusted brand and risk assessments as a service will be powered by RiskLens’ risk analysis benefits.”
Christine Lagarde, Managing Director of the International Monetary Fund (IMF), not only recently identified cyber risk as a top risk but also a “significant threat” to the financial system. That’s why cyber risk quantification has emerged as a risk management necessity. Gartner recently spotlighted cyber risk quantification and endorsed the FAIR-style approach in its “Integrated Risk Management” Magic Quadrant.
Integrated Risk Management is the natural evolution of Governance, Risk and Compliance (GRC) programs and technology. RiskLens offers the industry’s most powerful and actionable decision-support platform for cybersecurity and risk management teams that is able to assess the financial impact of cybersecurity events. The RiskLens platform arms risk management programs with a robust model for measuring risk in actual dollar, damage, and ratio implications. With this quantitative analysis, organizations can deliver reports to key stakeholders in a business language, prioritize security remediation activities, evaluate ROI of cybersecurity initiatives and optimize security budgets.