Using Risk Quantification to Make Better Risk-Informed Decisions
Mark Tattersall | October 6, 2021
As risk professionals, we’re constantly making assessments and decisions about what risk is worth it, what risk needs to be avoided, or what risk needs to be monitored. These decisions are often critical to business success.
Traditionally, we’ve been using fairly ambiguous terms to identify where a certain risk falls—using color coding and low, medium, or high labels.
But low, medium, and high can be so subjective.
What happens when you have two different risks that are labeled medium? Should they receive equal attention, manpower, or monetary spend? Do they equal one risk labeled high? Does it matter who’s doing the assessment? Are these labels hard and fast or can they be manipulated?
You can call this approach ambiguous, subjective, qualitative, or even downright confusing. And that’s just to the people who understand the labels. When you throw leadership, the C-suite, or the board into the mix, there’s a major communication barrier. No matter what, it’s incredibly difficult to be consistent or confident that your choices will be the right ones.
Risk quantification removes the ambiguity from risk assessments and converts them into clear, monetary values. Expressed in clear, data-driven terms, risk quantification is defensible in a way the traditional approaches never have been.
By translating the data into terms leadership can understand, everyone is confident that the decisions they are making are the right ones for the business.
Remove fear, remove uncertainty, remove doubt, and be left with the data you need to make an informed decision, allowing you to accurately determine where your resources should go. As one of our panelists, Travis Nichols, put it, “It’s not about precision, it’s about making a decision.”
Even better? It’s easy to get started.
Start small. Pick a use case, apply the new approach, then iterate and expand from there.
Using Risk Quantification to Make Better Risk-Informed Decisions was a panelist session during Agility 2021. Panelists Bob Marley, Chief Security Officer at Black Kite, Travis Nichols, Information Security Manager at Veterans United Home Loans, and George Quinlan, Senior Manager — Security & Privacy at Protiviti discussed the difference between traditional approaches to risk and risk quantification with moderator Mark Tattersall, VP of Product Management at LogicGate.