Couldn’t attend Transform 2022? Check out all the top sessions in our on-demand library now! Look here.
When it comes to obtaining buy-in from executive leadership and the board of directors, measuring cyber risk quantification is essential. Security leaders who cannot financially value the level of risk in an environment may find it difficult to justify spending on defensive technologies.
The problem is that calculating risk is complex. However, solution providers, such as cyber risk quantification, offer: axiowhich today announced it has raised $23 million as part of a Series B investment round led by ISTARI, provides platforms to continuously measure risk and identify gaps.
Axio’s Axio360 solution provides organizations with a single source of truth about their overall cyber risk attitudes by providing cyber security assessments for industry frameworks and standards, including NIST, CSF, C2m2, and CIS 18, in addition to cyber risk quantification and insurance stress testing for analyzing insurance policies.
This approach, and that of other cyber risk quantification providers, enables security leaders to better communicate the financial value of cyber risks in the environment, so they can understand which threats are causing the most damage to the organization and help determine whether they are justified. have cyber insurance level.
Align with cyber risk
As maintaining security and compliance becomes more complex as the threat landscape progresses, more and more enterprises are turning to quantifying cyber risk to keep up with their level of exposure.
In fact, according to Gartner’s 2021 Cyber risk quantification research nearly 70% of SRM leaders planned to deploy CRQ in the next two years.
At the heart of the challenge of mitigating cyber risk is the fact that security leaders and key executives rarely agree on how to interpret the amount of risk in the enterprise.
“The board of directors, the C-suite and the Security and Risk team are rarely aligned on important questions related to cyber attitudes and overall organizational performance. Axio drives this alignment and empowers leadership to optimize cybersecurity decision-making, priorities and investments,” said Scott Kannry, Axiom Chief Executive Officer.
“When presenting to executives, most CISOs struggle to communicate effectively without using rudimentary heatmaps and scoring frameworks that attempt to show how their program is performing and why certain control risk areas require more budget,” said Kannry.
Kannry explains that the end result of this misunderstanding is that security leaders don’t get the money they need to protect the business, while the board doesn’t have access to the visibility they need to see which security investments are having the most impact.
Risk quantization solutions, such as Axio, help simplify this communication by enabling CISOs to communicate risk in financial terms.
A Brief Look at the Risk Quantification Market
The risk quantification market is a relatively new market, but has seen a lot of investment activity over the past year. Just over a few months ago, cybersecurity posture automation provider Balbix announced it had raised $70 million as part of a Series C financing round.
Balbix’s platform analyzes hundreds of billions of time-varying signals from across the network, prioritizing vulnerabilities and providing users with insight into risk, while providing a measure of the financial risk posed by vulnerabilities.
The organization also competes with ‘active insurance’ providers such as: Coalition, which provide a real-time risk assessment for measuring digital risk in real time. Coalition raised $250 million in funding a month ago.
Although, according to Kannry, the main differentiator between Axio and other competitors is that “we focus on impact and help the security leader understand what something is going to cost. We focus on resilience so that users can “show their work” when a board member asks.”
The mission of VentureBeat is a digital city square for tech decision makers to gain knowledge about transformative business technology and transactions. Learn more about membership.