Getting everyone on the same page about the risks your organization is facing is a crucial part of effectively managing organizational risk. Unfortunately, it’s also one of the hardest parts of effectively managing risk.
Dimitrios Stergiou, Director of Information Security at fintech company Wayflyer, has spent his career solving this problem. His solution? Using risk quantification and standards frameworks to build a common language for understanding risk across an organization, break down silos, and obtain buy-in for risk management programs.
Show me the money
Few things are as effective for getting people to understand the big-picture impact of a particular risk as showing them the precise amount of monetary damage that failing to manage or mitigate it could inflict. That’s why Stergiou considers risk quantification to be the “holy grail” for communicating risk impact: being able to assign associated costs to individual risks gives risk managers the information they need to bring to the people whose skills and buy-in they’ll need to effectively address those risks.
Financial impact data lets the CTO understand how many hours of her team’s time will be needed to make the fix, and weigh that against the possible loss to the business if a particular risk materializes. It helps the CFO understand the costs of doing nothing and whether it makes sense to bring in a new tool to handle the risk. And it can give brand and public relations teams perspective on the potential reputational damage that could result from ignoring the risk.