Modeling and Measuring Cyber Risk: A Data-Driven Approach to Risk Management

In the second webinar of our Data-Driven Risk Management series, C-Risk co-founder Christophe Forêt and Prometheus Yang of Enterprise Risk Governance and Metrics Society of Taiwan will discuss the technical aspects of modeling and measuring cyber risk using state-of-the-art open standards. Cyber Risk Quantification (CRQ) plays an important role in an organization’s broader data-driven risk management and governance strategy.

Christophe and Prometheus will guide participants through the steps of scoping a risk scenario and making estimates. For this session, they will decompose risk using the FAIR framework to articulate the risk factors, addressing:

* Methods for estimating loss event frequency and magnitude

* How to make accurate, actionable estimates with a useful level of precision

* The role of Monte Carlo simulations in refining risk estimates

Many security and risk managers perceive risk quantification as complex, but it can start with small, manageable steps. By leveraging the data you already have, you can prove the value of your efforts, gaining buy-in from other stakeholders.

Key topics:

• How a risk-based quantitative approach enables defensible decision-making and prioritization

• How to start small and scale up over time using data you already have

• A hands-on demonstration of risk modeling and scenario scoping using FAIR

Join us to learn how a structured, data-driven approach to cyber risk quantification can help align your risk management strategy with business objectives, ensuring smarter decisions that drive growth and resilience.

Speakers:

Christophe Forêt, C-Risk co-founder. He helps bridge the gap between cyber security experts and business leaders. Christophe provides CRQ consulting leadership to mid-sized and large Global Companies to design and initiate their corporate risk quantification programs and improve cyber security governance. 

Prometheus Yang, based in Taiwan, he is a publicly recognized thought leader with over 20 years of international experience in technology risk governance, cybersecurity, and enterprise risk management. He has held leadership roles across financial institutions, multinational corporations, and regulatory-driven industries, guiding organizations through the complexities of digital transformation, cyber resilience, and risk quantification.