SANS Risk Quantification Survey
Written by Barbara Filkins
April 2022
2022 SANS Institute

Executive Summary

Risk is a fundamental denominator for business, regardless of the industry involved. Insurance, banks, mortgage companies, hospitals, supply chain, or any other fast-moving organization, must ensure strategic business decisions align with their risk appetite, objectively assessing the potential impacts to the bottom line.

Today, digital information and data is recognized as a critical business asset by organizational stakeholders, defenders, and disruptors. With cyberattacks continually on the rise, no industry sector is truly safe from disruption. Cybersecurity is now a leading business imperative. Cyber risk has joined other business functions and become part of the organization's bottom line.

What this means is that upper management and boards of directors are asking for a more nuanced view of their organization's cyber risk exposure. CISOs and CIOs can no longer just evaluate their organizations' cybersecurity risk landscapes, assess and control threats, and recover from incidents and breaches. They must also estimate potential financial losses from a cyberattack in more detail than ever before while reporting to nontechnical stakeholders in a language those stakeholders understand.

Quantitative risk analysis has always been considered difficult to accomplish for a variety of reasons. This is why many CISOs and CIOs still use descriptive (qualitative) approaches to assess risk. Done correctly, however, the value which quantitative methods afford is much higher, enabling risk management professionals and cybersecurity teams to communicate more objectively to leadership. Financial quantification extends that communication to monetary terms, enabling companies to tru