NormShield Now Allows You to Quantify Supply Chain Risk in Dollars. But Is That a Good Thing?

NormShield recently announced that it has licensed the FAIR model to allow customers to quantify supply chain security risk in terms of financial impacts. It is innovative, but is it useful?

Factor Analysis of Information Risk (FAIR) is a methodology for calculating information security risk. It initially gained popularity for its pioneering structured approach towards assessing and quantifying different components of risk. However, FAIR’s proprietary nature and licensing requirements have restricted its use. This announcement means that NormShield customers can now take advantage of FAIR to help measure supply chain risk in terms of potential financial impacts.

“Incorporating the FAIR Model into cyber risk assessments enables organizations to effectively quantify the true financial cyber risk to their bottom lines,” said Mohamoud Jibrell, CEO of NormShield. “Companies now can have a three-dimensional view of the technical, compliance and financial impact of a cyberattack to better understand the full risk relationship with a partner or supplier. For some, the business benefits will outweigh the cyber risks but for others it may not.”

Our Take

In the still fledgling but rather crowded market for Cyber Risk Ratings, innovation that provides customer value may be the best shortcut to the front of the pack. The use of FAIR to quantify supply chain risk is definitely innovative, but the jury is still out on how much customer value it will deliver. Cyber Risk Ratings only scratch the surface when it comes to vendor risk, so many of the factors used to quantify that risk will necessarily be highly speculative. Customers will find no value in reports that are overly ambiguous, so NormShield’s job is to make sure that its customers can have confidence in the results.
