3 reasons to measure your cyber risks

A cyber security expert says quantifying cyber threats is critical for businesses if they are to remain vigilant against attacks.

25 May 2022

Michel Feijen, managing director APAC at MetricStream, says measuring the high-tech cyber threats your business is facing will result in more effective management.

“Organisations are struggling to not become a statistic and have quickly expanded their willingness to invest in preventative programs and processes,” Mr Feijen said. 

“And while the decision-makers may now be more willing to allocate bigger budgets to cyber security, they are still not prepared to write blank cheques. That’s why they are looking for solutions that will bring them a positive ROI and allow them to not only manage, monitor, and mitigate cyber risk, but also quantify its impact and make more strategic decisions about where to invest in cyber risk mitigation efforts.”

To provide that kind of assurance to the board and C-suite, cyber leaders need to speak their language and provide data in easily understandable terms, Mr Feijen said. 

“That’s where cyber risk quantification comes in. It enables measurement of IT and cyber risk exposure in monetary terms, helping to quickly determine which risks to focus on first and where limited cyber security resources will provide the best impact for the investment.”

Mr Feijen has outlined three benefits of using a quantified cyber risk approach:

More informed decisions

Accurately quantified risk data removes the guesswork and allows you to understand the true impact and probability of a risk, Mr Feijen said. 


“As a result, you’re less likely to overreact to potential risk events or allow significant threats to slide by unnoticed. Instead, you will be able to make calculated, data-driven decisions that will put your enterprise in a stronger, safer position.”

More objective and accurate risk assessments

Mr Feijen warns against analysing data in qualitative terms, as this introduces error and uncertainty. Instead, he suggests a platform that can quantify risks and help you prioritise and mitigate them faster.

“The numbers tell the story, clearly and unambiguously, allowing you to concentrate your energies on mitigating the most urgent ones first, rather than debating about why they are ranked that way.”

Demystified security for decision-makers

Decision-makers know cyber risk is important, but very often risks go unnoticed because the relevant teams have limited knowledge.

According to Mr Feijen, fear, uncertainty, and doubt abound, and the impenetrable jargon for which the ICT sector is famous – Trojan horses, botnets, worms, DDoS, phishing, et cetera – does not help.

“But what decision-makers do understand are numbers. Presenting them with a quantitative analysis of the threats faced by the organisation along with a unified view of the risk landscape is much more effective.”

