MetricStream, the global market leader in integrated risk management (IRM) and governance, risk, and compliance (GRC), and C-Risk, a leading international authority in cyber risk quantification (CRQ), today announced a partnership to jointly offer MetricStream’s CyberGRC and C-Risk’s CRQ enablement and training services to customers. The combination of MetricStream’s CyberGRC that includes advanced CRQ and Simulation, and C-Risk’s enablement services will enable faster time to value and help operationalise CRQ initiatives for organisations.
Cyber risk management has become a critical business issue for companies of all sizes and industries. However, decisions concerning insurance, controls to be implemented, investments in IT and security projects, tools, and resources are often made without understanding the plethora of risks that exists in each scenario and how a proposed solution can reduce those risks in monetary terms. CRQ, in particular the Factor Analysis of Information Risk™ (FAIR™) standard, allows modelling of risk scenarios and quantification of the financial impact using statistical and probabilistic techniques.
"Cyber risk quantification is a decision support tool that helps organisations present risk in financial terms to general management, justify and prioritise cyber security budgets as well as optimise a company's cyber insurance. It is the obvious next step in the GRC program of any organisation wanting to improve its cyber security governance,”
- Christophe Forêt, President of C-Risk
CISO’s and cyber leaders across industries are looking to prioritise and address their cyber risks, as well as drive maximum ROI from their cyber investments, We are excited to partner with C-Risk to accelerate the value of MetricStream’s CRQ capabilities with targeted FAIR™ training and enablement, said Raghuram Srinivas, Senior Vice President, Product Management, MetricStream.
About MetricStream
MetricStream is the global SaaS (Software as a Service) leader of Integrated Risk Management and GRC solutions that empower organizations to thrive on risk by accelerating growth via risk-aware decisions. We connect governance, risk management and compliance across the extended enterprise. Our ConnectedGRC and three product lines – BusinessGRC, CyberGRC, and ESGRC – are based on a single, scalable platform that supports you wherever you are on your GRC journey.
MetricStream is headquartered in San Jose, California, with an operations and R&D center in Bangalore, India, and sales and operations support around the globe.
About C-Risk:
C-Risk provides solutions to quantify information security and technology risk in financial terms. We help organisations understand information risk in business terms, decide how to prioritize investments to improve cyber resilience and information security compliance.
Recognized internationally for its expertise in cyber risk quantification (CRQ), C-Risk offers training on the FAIR™️ methodology, CRQ as a Service as well as Cyber Risk Quantification Enablement Services to help organization build their internal risk quantification capabilities and improve their overall information security governance.