n = 51 security and risk management leaders who have already adopted CRQ. Source: 2021 Gartner Cyber-Risk Quantification Survey. © 2022 Gartner, Inc. and/or its affiliates. All rights reserved.
Benchmarking Cyber-Risk Quantification
Models, use cases and outcomes
Faced with increasing board scrutiny and executive demand for cybersecurity services, security and risk management (SRM) leaders are turning to cyber-risk quantification (CRQ) to communicate risk, aid enterprise decision making and prioritize cybersecurity risks with greater precision.
Most SRM Leaders Have Already Adopted Ordinal Scales
More sophisticated CRQ methodologies are less commonly deployed.
Three out of the top 5 CRQ use cases target communication of risk exposure to different stakeholders.
SRM Leaders Primarily Leverage CRQ to Communicate Risk
Driving Business Action Is Challenging
While SRM leaders use CRQ to communicate risks, they find driving business action to be a key challenge.
Achieving Awareness Instead of Action
More than half of SRM leaders struggle to use CRQ to drive business action, rather than awareness.
Survey respondents consider tying risk analyses to business action one of the top 5 implementation challenges.