TYSONS, Va.--(BUSINESS WIRE)--Nehemiah Security, an internationally recognized supplier of cybersecurity software and services to enterprise and government organizations, promotes a methodology to quantify, justify and advance the risk management conversation among executives. Nehemiah believes that only with a clear understanding of a business’ priorities and risk appetite can companies integrate security risk into a broader and more effective conversation about all-encompassing organizational risk.
Over 90 percent of companies measure cyber risk theoretically, using generalized simulations and GRC best practices or compliance standards. The shortage of hard data to support security spend makes it extraordinarily difficult to acquire backing from the board for technology initiatives. Nehemiah found that while that most cyber professionals are confident in their ability to identify areas of concern, few believe that they are deploying the right resources to mitigate the biggest risks facing the company. Fewer still are able accurately measure and effectively communicate these risks and remedies to the board.
In response, Nehemiah Security partnered with Mighty Guides to advance the conversation with seven security experts. Each expert was posed the question, “What would you advise your friend who just took over as CISO when justifying their prioritization and spend to senior executives?” This turned a trending industry topic personal, prompting the interviewees to reveal what it really takes to effectively underpin security investments that enable the business.
One of the experts, Vicky Ames, Director of Information Security at Marriott International, explains in her interview, “Security should be the group that is enabling business, and you can’t enable a business until you understand the nature of that business.” Ames and her team are elevating security operations in the business through their efforts to quantify cyber risk in financial terms. This approach gives the technical leadership team the proper data and monetary association to better address the non-technical leadership’s most pressing concerns and then bring that focus into their loss prevention efforts.
Historically, industries have focused on utilizing qualitative analysis to reduce risk and garner buy-in from leadership. Following the Moneyball phenomenon, Major League Baseball (MLB) transformed the way players are examined and invested in based on a whole new approach using statistical metrics. In the same way, a platform that can determine the risks a company faces and measure security posture monetarily, is revolutionary for technical and non-technical leadership alike. With the help of Nehemiah, leaders in the security space are better prepared in their roles for managing risk and communicating that risk to c-level leadership and the board. When given the ability to quantify risk, professionals show increased confidence in their ability to evaluate company exposure, identify tangible steps to strengthen security posture and effectively communicate this data to non-technical leaders.
“Security leaders want to know what their biggest risks are, and what they can do to lessen those risks,” says Paul Farrell, CEO of Nehemiah Security. “This is exactly what motivated Nehemiah to create a solution for quantifying cyber risk. We are motivated to give businesses and their leaders the confidence to communicate problems and solutions freely, and we aspired to support them in aligning their business and security objectives and melding the two together for seamless risk analysis.”
To read more about how today’s industry leaders are justifying cybersecurity spend, click here.
About Nehemiah Security
Nehemiah Security believes that Security must become a core business function like Accounting, HR, and Sales. Nehemiah’s mission is to empower security leaders to integrate their operations into the suite of functions corporations monitor and invest in every day. Nehemiah Security works with enterprises around the world to elevate the security conversation and answer the question, “How does this impact my business?” For more information on Nehemiah’s cyber risk analytics, please visit nehemiahsecurity.com.