Cyber Insurance Summer Series: Quantifying Risk with Safe Security’s Steven Schwartz

Season 2 / Episode 31


In this episode, Jeff Edwards and Tawana Johnson from the Safe House Initiative podcast are joined by Steven Schwartz, Chief Insurance Officer at Safe Security, to kick off their cyber insurance summer series. Steven emphasizes that cyber risk quantification (CRQ) is essential for making informed decisions about cyber insurance.

He explains that CRQ translates technical cybersecurity metrics into business-relevant financial terms, moving beyond inaccurate methods like basing limits on revenue. Every organization has a unique risk profile, making a data-driven approach crucial for balancing risk mitigation, transfer, and acceptance.

Steven highlights the FAIR Institute’s methodology as the global standard for CRQ, stressing the need to understand asset values and the business context, including often-overlooked business interruption risks. For practical CRQ, he suggests starting with basic metrics like sensitive data volume and revenue, using public breach cost data to estimate potential losses.

The conversation also covers common overlooked risks, such as third-party vendor vulnerabilities and social engineering, with the human element remaining the weakest link, now amplified by AI tool usage. Steven then introduces emerging security warranties as alternatives to traditional insurance, offering faster payouts embedded within cybersecurity products. He also discusses how insurtech MGAs are simplifying cyber insurance for SMBs, providing quick, affordable policies and incident response services.

Steven concludes by advising security leaders to quantify cyber risk in financial terms to better communicate with executives and boards, enabling smarter decisions and stronger cybersecurity.

Key Takeaways:

  • Cyber Risk Quantification (CRQ) is vital for understanding your actual risk and making informed cyber insurance decisions.
  • Traditional methods of setting insurance limits are often flawed; every organization’s risk profile is unique.
  • The human element remains a significant vulnerability, exacerbated by new technologies like AI.
  • Emerging security warranties and insurtech MGAs are changing the landscape of cyber risk financing.
  • Translating cyber risk into financial terms is key for effective communication and strategic cybersecurity.

 


 
