Cyber risk quantification involves the application of risk quantification techniques to an organization's cybersecurity risk. It is the process of evaluating the cyber risks that have been identified and then validating, measuring and analyzing the available cyber data using mathematical modelling techniques to accurately represent the organization's cybersecurity environment in a manner that can be used to make informed cybersecurity infrastructure investment and risk transfer decisions. 

Cyber risk quantification is a supporting activity to cybersecurity risk management; cybersecurity risk management is a component of enterprise risk management and is especially important in organizations and enterprises that are highly dependent upon their information technology (IT) networks and systems for their business operations.

To help us understand what cyber risk quantification is to businesses in Asia, we spoke to Alex Lei, VP and GM for APJ, Proofpoint.

 1.           How do organisations today (in Asia) manage cyber risks? 

2.           By 2025, 50% of cybersecurity leaders will have tried, unsuccessfully, to use cyber risk quantification to drive enterprise decision-making. In what way do you think enterprises are failing in this regard (cyber risk quantification)?

3.           Having recognised the failings, can you cite three (3) approaches to improve how organisations quantify their cyber risk and thus improve how they respond to threats?