.svg)
.svg)
.jpg)
When a company’s network is compromised, the clock starts ticking for how much damage will be incurred. Before the dust even settles, the company scrambles to assess the business impact and report to stakeholders. Public companies in the United States now must report material cyber events to their investors. When the worst-case scenario strikes, it is important to be prepared for damage control in advance.
X-Analytics produces a cyber loss quantification report that takes minutes to create. The onboarding process for X-Analytics requires creating a Cyber Risk Profile, which companies can use to understand current exposures and financial impacts of various cyber events. When an incident occurs, X-Analytics produces an instant estimated impact summary informed by reported data from industry peer groups and the company’s current risk profile. When this is in place, there is organization and answers during a time of crisis, instead of hysteria and urgent meetings with the CFO. X-Analytics automates the process of collecting the data and providing analysis about cyber losses. The CISO only needs to run the X-Analytics cyber loss quantification report on what has been compromised by the type of attack.
Whether compiling the report is needed for an intrusion or used in advance as a cyber loss quantification tool to project loss if a compromise were to occur, the advanced preparation helps the company identify immediate financial impact. The data can be used to assess financial impacts, support materiality determination processes for SEC reporting requirements, or help create a proactive cyber risk mitigation plan when used in “what if” scenarios.
The X-Analytics Financial Impact Report assigns dollar amounts to a projected range of Low, Medium, High, and Worst-case loss scenarios for a company. Using a data breach event as an example, X-Analytics estimates the financial impact of an incident based on the types and volume of records lost. The financial projections are data-driven. They are derived from the company’s risk characteristics and actual historical losses experienced by industry peers. The probability of the incident occurring is also projected.
To use the cyber loss quantification tool, go to the Report Center within X-Analytics and select Cyber ImpactEstimator. Within the Impact Summary tab, locate the loss category that associates with your cyber incident, such as Data Breach; Interruption: DoS; Interruption: Other; and Ransomware. Using the drop-down menu shown below, select the loss detail for the volume of lost records or the duration of the interruption incident. In this example, Data Breach is the loss category, and 10 million records is the loss detail. The Impact Summary is shown below.
The loss categories are defined as:
The intentional or unintentional release of secure, private, or confidential information to an untrusted environment. For Data Breach, select the number of records compromised within the incident.
The intentional or unintentional disruption of one or more IT (Information Technology) or OT (Operational Technology) systems.
· Interruption (DoS): This only includes interruption incidents from denial-of-service attacks. Select the duration of the incident.
· Interruption (Other): This includes all other forms of interruption, resulting from malice or error. Select the duration of the incident.
The intentional and illegal use of property, funds, or services via a cyber incident. Select the value of the intellectual property, stolen funds, or critical services.
The intentional deployment of malware intended to encrypt data within one or more systems to extort money from the victim organization. Select the duration of the incident.
Note: When more than one category applies, such as Data Breach + Ransomware, combine both estimates for a total estimated loss.
The probability of the incident occurring is predicted underneath the drop-down menu. This helps a company better understand the current incident and the future probability of a repeated incident. When using the Cyber Impact Estimator proactively for risk management, the probability score can help prioritize mitigation strategies.
X-Analytics illustrates the financial estimates across a range from Low to High, as pictured in the bar graphs. The ranges represent best to worst-case scenarios:
Low = 90% of cases will show at least this much impact
Median = 50% of cases will show at least this much impact
High = 10% of cases will show at least this much impact
Worst-Case = 3% of cases will show at least this much impact
The X-Analytics process for calculating the financial impact of a loss is efficient and easy. This cyber loss quantification tool helps protect assets by assigning dollars to risk to communicate how much loss the company could incur from a cyber attack. The calculations can be used proactively by exploring what-if scenarios to predict the financial impact to the business. If an incident does occur, the advance preparation dedicated to the Cyber Risk Profile completed upon the setup of X-Analytics saves time to help meet reporting deadlines and add clarity to the chaos and confusion with automated, quick, and insightful answers.
.png)
