The last couple of years have reminded us of how dangerous and fluid the world is. It's become our new normal. War in Europe, climate changes, macroeconomic problems and cyber attacks are just some of our society's issues. Now, in Denmark, we talk a lot about...
Risk
Give me a number!
People are often asked about estimates in investments, the opening of new business areas, projects and budgeting. The estimates given are subject to uncertainty. No one can tell the exact amount, time etc., that will occur in the future. Despite this...
The simplest risk metrics that we just can’t agree on
Inherent risk… residual risk… current risk? When your risk manager or regulatory affairs asks about your “inherent risk”, it highlights a fundamental flaw in qualitative risk assessments. Here’s why - and how to fix it. Although most of us engage in some form of risk...
Top 5 objections to using quantitative models within cyber risk management
Changing habits and mindsets take time and persistence. Especially within IT risk management. Again and again, we at ACI meet tonnes of objections to changing behaviour despite witnessing the benefits of moving from qualitative to quantitative. So, I felt...
Managing Cyber Risk With Tactical and Strategic Management Information
Communication is difficult, also when it comes to the risk of cyberattacks. The board and management need a clear basis for decision-making, but the communication needs to improve because it is often too technical or too high-level and abstract. Both cases are useless...
Why and how to determine the risk appetite
A skilled offshore engineer with whom I collaborated gave me a very concrete example of the application of risk appetite. The height of a drilling platform is set according to legislation and standards but also according to the company's risk appetite. How big a wave...
Risk scenarios – why and how?
If you are an IT expert and are asked to estimate, you may have experienced the frustration of having to estimate based on poorly formulated scenarios. If you are a risk manager and have had to build a risk register, you may also have experienced that it can be tiring...
The art of producing a 90% confidence interval using decomposition and calibration
When speaking about future events, it's inherently subject to uncertainty. A risk assessment tries to understand future loss events and is therefore also subject to uncertainty. The less history or fewer measurements, the greater the uncertainty. How can one predict...