Cybersecurity

Quantifying Risk Scenarios with Axio360

Post by
John Snyder

Watch the Risk Assessment series from beginning

Speaker

John Snyder
Net Friends
President & CEO

Video Transcript for Risk Assessment Vlog #3

One thing that is often missing with Risk Scenarios is when you try to translate them into something quantifiable, it’s really hard to do. The risk is almost always abstract, squishy, or lacking concrete terms. Leveraging fear, uncertainty, and doubt can help you keep leadership engaged and focused on a risk, but it doesn’t help decision makers know precisely what kind of impact a risk can have on their bottom line or operational cost. Additionally, without some way to quantify risks you also can fall into the trap where there can be a collective shrug and assumption that insurance will just cover the business.

We’ve seen tools impose some order on risks, usually focused on likelihood and degree of impact. That helps on the margins, but this falls far short of what a CFO or CEO needs to see to make a sound decision about where to direct resources for maximum impact.

Until Axio360 came along, we had not seen tools that really get at the actual, quantifiable cost that the business would incur should an adverse event happen. Axio360 does a lot of things within the Risk Assessment and Insurance Assessment space, but it’s unique magic is the Quantification tools. These “Quant” tools are surprisingly accessible, and the immediate feedback you get from working within the tool helps draw you forward to fully explore each risk scenario and how much the expected cost would be if it came to pass.

Establishing a Risk Scenario that you need to quantify is straightforward and facilitated by the tool. You identify individual business units that would be susceptible or impacted by the event (or all of them), and pick from a subset of Cyber Event Vectors that might trigger the scenario. The tool then guides you to create some human-readable formulas and viola! You end up with super useful graphs and directly quantified costs should the situation occur. With a click of a button, you can determine whether you are over or under insured. It’s incredible. When you look back at your quantification work you can readily follow the path that led you to these results, and I have to admit it makes you feel pretty dang clever. The tool gives you that “Look what I just did!” feeling.

Additionally, the tool allows you to “play” with quantification as well by excluding or including contributing financial or tangible costs, allowing you to explore “what if there wasn’t any legal expenses?”, or “what if there wasn’t any data breached?” Armed with this tool, you can readily answer questions that might come up as stakeholders grapple with the potential costs of various loss or disruption events. Armed with this tool, you can confidently prioritize what the business should work on for maximum positive impact.

To give a specific example of a single formula the tool helps with, we were looking at a Ransomware attack restoration cost. The “cost of restoring data” was something we struggled trying to quantify prior to working with Axio360. Our initial formula we created was taking the number of days, number of employees per day, multiplied by the cost of each employee per day. We got a reasonable internal cost to use for our financial impact of a major incident that would involve restoring data or system function.

Thanks to Axio’s broad base of users and contributors, we ultimately found and were able to use a much more effective formula that factored in the (1) Restoration Team size * (2) Restoration hourly rate * (3) # of days * (4) “Machines to Reimage” and we could divide that by (5) the “Machines reimaged per day”. Axio is constantly updating and refining the formulas used because the staff at Axio is continuously workshopping their quantification measures with other businesses and bringing to all Axio360 users the best formulas that come out of those workshops and that they can see being used by other businesses.

I hope you can consider how the power of Axio360 can change the entire dynamic around your management of risk in your business. The tool covers so much surface area, from giving you a continual improvement process to your risk assessments (like I covered in a previous video), to assessing your insurance in ways you never have before, to quantifying risk scenarios that have some degree of likelihood to impact your business. We would be delighted to introduce you to this tool and help you unlock it’s potential for your business.

We invite you to reach out to us to learn more!

Watch the Risk Assessment series from beginning

Contact our IT
Support Center 24/7

Option 1: Call (919) 680-3763
Option 2: Email - request@netfriends.com
Option 3: Complete the form below
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

If your support issue requires immediate assistance, please call our office. Email & web form submissions are only reviewed during business hours.