What kind of results are you seeing from CRQ (cyber risk quantification) so far?

1.2k views9 Comments

VP of IT and Platform Strategy and Product Management in Telecommunication, 1,001 - 5,000 employees
Generally good...though this is always a bit of an art vs. a science. None the less, without CRQ, its difficult to prioritize, etc. and by creating this type of model we are better able to focus on the things that matter vs. the things we "think" matter. 
CIO in Energy and Utilities, 11 - 50 employees
It has helped me a lot to make the board realize the potential damage to business due to poor technology security and the investments needed to minimize risks.
IT Strategist in Government, 1,001 - 5,000 employees
Better understanding of the higher risk and higher priority threats, reducing "noise" for the operational teams.
Senior Vice President, Engineering in Software, 1,001 - 5,000 employees
It allowed us to better understand and quantify the financial impact of cyber threats, make data-driven decisions, and prioritize our cybersecurity investments based on their most significant risks.
Director of IT in Software, 201 - 500 employees
Helps you represent the cyber risk with clear business terms i.e easier to explain to the board of directors or executives how the cyber risk (can/will) affects the revenue and profit. 
CISO in Software, 10,001+ employees
It helps to drive easier cross organizational decisions without agenda debates and opinions.
Computer Science Lecturer in Education, 51 - 200 employees
From the CRQ process we are assessing the potential financial impact of an individual cyber threat to our business, evaluate operational risk, efforts to reduce risk, risk exposure, and risk mitigation.
If we find out that a specific risk exposure is still high, we re-direct our investments to the relevant cyber control. This way, our cyber risk mitigation efforts become more proactive and productive.
Director in Manufacturing, 1,001 - 5,000 employees
CRQ has helped be more objective and share metrics with leaders in IT and the Business to clarify what the company is facing as the threat landscape evolves.  Top business leaders generally prefer when there is a clear methodology and process to ranking and prioritizing and this has helped communicate the risks we face.  It also helps deciding where to spend limited dollars and labor hours.
CTO in Software, 11 - 50 employees
It helps us prioritize risk mitigation efforts, optimize risk management strategies, enhance communication and decision-making, and facilitate risk transfer.

Content you might like

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
41.9k views131 Upvotes319 Comments

Attack Detection & Analysis22%

Vulnerability assessment and patching54%

Security Awareness Training15%

Incident Response8%

Other (comment below)0%


1.2k views4 Upvotes1 Comment