Blog Post

New CRQ Platform Feature: Risk Evaluation

July 17, 2023

Table of Contents

‍Introducing Risk Evaluation

Our latest update incorporates risk evaluation built upon financial quantification. A critical component of the risk evaluation feature is the top risk matrix, which provides risk metrics for tracking, benchmarking, and reporting.

By analyzing risk drivers through the ATT&CK MITRE framework’s initial vectors and event types, Kovrr provides a comprehensive breakdown that enables a detailed understanding of the likelihood and the potential of risks. Furthermore, our risk evaluation integrates threat intelligence insights based on industry-specific factors and company size.  Model transparency enables stakeholders to gain visibility into model assumptions and risk including a wide range of event types and attack vectors.

Understanding the Power of the Top Risk Matrix

The ‘Top Risk Matrix’ plays a pivotal role in  providing crucial risk metrics that aid in monitoring, benchmarking, and reporting. Let's take a closer look at its key features:

1. Annualized Average Loss (AAL)

The AAL, calculated through advanced Monte Carlo simulation, reveals the expected average annual loss. This metric allows you to gauge the potential magnitude of losses your organization might face. By understanding the AAL, organizations can better prepare and strategize for risk mitigation.

2. Probable Maximum Loss (PML)

The PML assesses the worst-case scenario by considering extreme loss events that occur once in a century. It acts as a compass, guiding you to plan and create contingencies to mitigate risks effectively.  The PML enables organizations to safeguard against unforeseen challenges.

3. Annual Targeted Event Frequency

The Annual Targeted Event Frequency estimates the likelihood of specific events occurring within a year, customized to your organization. By leveraging this metric, you can benchmark your security posture maturity against inherent risks. This valuable information allows organizations to optimize your security measures and fortify your defenses.

Discovering Effective Mitigation Actions

In addition to the powerful risk metrics, the Risk Evaluation page offers precise mitigation actions tailored to address specific risk drivers. These recommendations are designed to enhance your organization's resilience and reduce identified risks.

By implementing these actionable steps, organizations can proactively mitigate potential threats. With this new approach, recommendations empower platform users to make informed decisions at every risk analysis juncture.

Quantify the cyber risk your organization experiences due to its third-party service providers.

Unveiling Crucial Threat Intelligence Insights

The Risk Evaluation page doesn't stop at risk metrics and mitigation actions. It goes the extra mile by providing top threat intelligence insights, shedding light on the benchmark data used in risk evaluation. These insights offer valuable context and facilitate a deeper understanding of the factors contributing to the risk assessment. Armed with this knowledge, organizations can align their risk management strategies with precision and confidence.

Delving into Key Risk Drivers Breakdown

To effectively manage risks, understanding the underlying risk drivers is paramount. The new Risk Evaluation page excels at summarizing the top risk drivers unique to each organization, using standardized cyber management language. This alignment ensures easy integration with industry best practices, making risk management a breeze.

The Event Types section within the Risk Evaluation page highlights the significant events that shape your overall risk profile. By analyzing these event types, organizations gain insights into the specific categories of risk the organization faces. A comprehensive view of risks is provided, such as the potential impact of interruptions, data breaches, ransomware events, or the partial impact of attritional events. 

Enhancing Security Measures with Attack Vectors

The Attack Vectors section provides an overview of the methods threat actors may exploit. By understanding these attack vectors, organizations can fortify security defenses and ensure comprehensive protection. Kovrr’s baseline assumptions, based on threat intelligence data and simulation statistics, offer a robust explanation of risk drivers, enabling organizations to make informed decisions.

This comprehensive solution—from potent risk metrics to tailored mitigation actions, threat intelligence insights, and in-depth risk driver analysis—sets a new standard for effective risk management. In the modern business landscape where risk can significantly impact sustainability, our solution empowers you to manage risk with unparalleled precision and confidence.

Evaluate your organization's cyber risk according to a wide range of crucial metrics.

Ariel Antoni

Product Manager

Rohan Dehal

Associate Product Manager

No items found.
Industry Recognition