This presentation explains how to use the Monte Carlo simulation module in @RISK to enable the accurate calculation of cyber risk for disclosure purposes.
Cyber risk is recognized as a material enterprise risk that must be accounted for in financial disclosure. The SEC Cybersecurity Disclosure Guideline demands the inclusion of cyber risk disclosure in annual filings. The SOC attestation standard, developed by the American Institute of Certified Public Accountants (AICPA), is a well-established methodology for assessing whether the cyber risk disclosure of service organizations is sufficient. The NIST-endorsed Open Group FAIR cyber risk quantification methodology, which leverages Monte Carlo simulation, is a global standard for measuring cyber risk in dollar values. The presenters will walk through the methodology using @RISK to support FAIR analysis.