HRO session 1: Connecting cyber risk to business impact: resilience metrics in practise

Connecting cyber risk to business impact: resilience metrics in practise

This aligns deeply with both regulatory pressure (e.g. NIS2/DORA) and the strategic aim of high-resilience organisations to elevate security from technical to business language. It also helps CISO’s share how they're structuring programs that tie cyber threats (especially crypto-related ones) to operational and financial risk.

Discussion:

• What KPIs/metrics resonate with executive teams when discussing resilience including crypto risk posture?
• What risk quantification models (e.g. NIST, FAIR) or tools (e.g. cyber insurance modelling, CRQ platforms) are being used or not?
• How is incident response cost or impact being modelled (e.g. in case of key compromise or certification revocation)?
• What are the regulatory drivers forcing quantification (e.g. DORA’s operational impact reporting)?

This roundtable session is part of the Highly Resilient Organizations Program. Do you want to join? Registration is possible at short notice.