Birdseye™ CRQ Simulator helps security and risk leaders prioritize and communicate cyber and operational risk to improve business decisions and enable risk-reduction ROI calculations.

Ostrich Cyber-Risk, the unified qualitative and quantitative cyber risk management company that enables security and risk leaders to identify, prioritize and quantify cyber and operational risks, today debuted the Ostrich Cyber-Risk Birdseye™ CRQ Simulator designed to define cyber risk in financial values to aid informed business decisions for reducing risk.

Security and risk leaders have unprecedented pressures to protect their organization against ongoing threats including ransomware, data breaches and insider threats. Quantifying these risks is necessary to understand, evaluate, prioritize and communicate the risks in financial terms. This lends to improving decision-making, optimizing spending and addressing growing regulatory requirements by identifying and managing the most impactful risks first.

“We use Birdseye to both assess and quantify risk. The CRQ Simulator helps us plan risk-reduction scenarios to determine Annual Loss Expectancy results in dollars per year, and communicate that risk impact in financial terms,” said Arlan McMillan, Chief Security Officer, International Law Firm.

The CRQ Simulator is a new module in the SaaS Birdseye™ solution. It works based on Monte Carlo random number generation, probabilistic models, similar to the Open FAIR™ model, with the option to leverage granular Resistance Strength variables for improved Annual Loss Expectancy (ALE) probability outcomes.

“Our new CRQ Simulator module comes with an intuitive editor to build unlimited threat scenario simulations and the ability to run them thousands of times to gain better confidence in the Annual Loss Expectancy outcomes,” said Yiannis Vassiliades, Chief Product Officer, Ostrich Cyber-Risk. “This enables security and risk teams to compare options for addressing the risk, measure the acceptability of each outcome, and find the solution with the highest ROI to mitigate the simulated threat. This is essential to make cybersecurity program improvements not in a vacuum, but as a business decision.”

By using the full Birdseye™ solution with the CRQ Simulator module organizations can better understand their cybersecurity program effectiveness and gaps, justify strategic decisions by measuring the ROI of security projects and budget, and communicate risk via shareable reports with the board, non-technical stakeholders and third parties, like insurers.

About Ostrich Cyber-Risk

Ostrich Cyber-Risk helps organizations reduce the complexity of identifying, quantifying and communicating cyber and operational risks related to your cybersecurity posture with its Birdseye™ SaaS solution. Benchmarked against NIST CSF with references to best standards, like NIST 800-53, ISO 27001, CIS 18, etc. Birdseye is a unified qualitative and quantitative cyber risk management application that offers an intuitive assessment workflow to track your organization’s risk over time, all in one place. The Birdseye™ proprietary features include continuous progress tracking, real world data insights from Advisen for peer comparison, CRQ Simulator that simulates unlimited risk scenarios to enable risk-reduction ROI calculations, and shareable reports. Learn more at https://www.ostrichcyber-risk.com/.

View source version on businesswire.com: https://www.businesswire.com/news/home/20221110005484/en/