When it comes to getting buy-in from executive leadership and the board, measuring and quantifying cyber risk is essential. Security leaders who can’t put a financial value on the level of risk in an environment can find it difficult to justify spending on defensive technologies.
The problem is that calculating risk is complex. Vendors such as cyber risk quantification provider Axio, which today announced it has raised $23 million as part of a series B investment round led by ISTARI, offer platforms to continuously measure risk and identify gaps.
Axio’s Axio360 solution gives organizations a single source of truth on their overall cyber risk posture. It offers cybersecurity assessments for industry frameworks and standards including NIST CSF, C2M2, and CIS 18, alongside cyber risk quantification and insurance stress testing for analyzing insurance policies.
This approach, and that of other cyber risk quantification providers, enables security leaders to better communicate the financial value of cyber risks in the environment so they can understand what threats would do the most damage to the organization, and help identify whether they have the right level of cyber insurance coverage.
Getting aligned on cyber risk
As the threat landscape advances and maintaining security and compliance becomes more complex, more and more enterprises are turning to cyber risk quantification (CRQ) to keep up with their level of exposure.
In fact, according to Gartner’s 2021 Cyber Risk Quantification Survey, nearly 70% of SRM leaders were planning to deploy CRQ over the next two years.
At the heart of the challenge of mitigating cyber risk is the fact that security leaders and key executives are rarely in alignment on how they interpret the amount of risk in the enterprise.
“Board of directors, the C-suite and the security and risk team are rarely aligned about key questions concerning the organization’s cyber posture and overall performance. Axio drives this alignment and empowers leadership to optimize decision-making, prioritization and investments around cybersecurity,” said chief executive officer of Axio, Scott Kannry.
“When presenting to leadership, most CISOs struggle to communicate effectively without using rudimentary heat maps and scoring frameworks that attempt to depict how their program is performing and why certain control risk areas require more budget,” Kannry said.
Kannry explains that the end result of this misunderstanding is that security leaders don’t get the funds they need to protect the business, while the board doesn’t have access to the visibility they need to see which security investments are driving the most impact.
Risk quantification solutions like Axio help simplify these communications by enabling CISOs to communicate risk in financial terms.
A brief look at the risk quantification market
The risk quantification market is a relatively new space, but has seen lots of investment activity over the past year. Just a few months ago, cybersecurity posture automation provider Balbix announced it had raised $70 million as part of a series C funding round.
Balbix’s platform analyzes several hundred billion time-varying signals taken from across the network, prioritizing vulnerabilities and offering users insights into risks, while providing a measure for the financial risk presented by vulnerabilities.
Axio is also competing against “active insurance” providers like Coalition, which offer real-time assessments of digital risk. Coalition raised $250 million in funding just a month ago.
However, Kannry argues that the main differentiator between Axio and other competitors is that “we focus on impact and helping the security leader understand what something will cost. We focus on defensibility, allowing users to ‘show their work’ when a board member asks.”