Black Kite announced the launch of Open FAIR-Based Risk Assessments, expanding its AI-powered cyber assessment platform with enhanced CRQ capabilities. The solution fully automates the calculation of potential financial impact from data breaches, ransomware attacks, or business disruptions using the industry-standard Open FAIR methodology, removing the complexity and manual effort usually involved in CRQ analysis. This update integrates CRQ directly into the cyber risk assessment workflow, allowing customers to instantly measure financial risk during onboarding and ongoing risk reviews.
“While technical data will remain foundational, we see the future of third-party risk management being led by financial risk, which will become the key metric for decision making, increasingly shaped by board-level expectations,” said Chuck Schauber, Chief Product Officer, Black Kite. “Future risk decisions, from onboarding and renewals to insurance strategy, will be led by probable financial loss. With Black Kite’s newest capability, risk quantification analysis is now automated as part of the assessment workflow, so that risk leaders can instantly weigh risk versus revenue without manual analysis.”
As the industry’s first provider to automate Cyber Risk Quantification (CRQ) for third-party risk management, Black Kite leverages Open FAIR to deliver real-time CRQ through its continuous monitoring offering. These insights help risk teams prioritize remediation efforts and vendor outreach, while clearly communicating risk and program success to executive and business stakeholders.
By introducing Open FAIR-based risk quantification into the assessment workflow, customers can model onboarding decisions through “what-if” analysis. For example, they can simulate how sharing more or fewer records with a vendor impacts financial risk so that they can set clear vendor approval conditions. Additionally, customers are able to view real-time CRQ alongside assessment-based CRQ captured at onboarding and during periodic risk reviews to track how vendor risk is trending over time.
Customer key benefits include:
- Turn risk decisions into business decisions: Instantly quantify a company’s financial risk during onboarding and annual assessments to inform vendor selection, renewal decisions, and even insurance underwriting.
- Clearer vendor comparisons: Use a consistent financial risk language (e.g., “Are we willing to accept $10M vs. $2M of cyber risk in a ransomware scenario?”) to objectively compare vendors and select the best option.
- Understand risk trends over time: Track how a vendor’s financial risk changes by comparing point-in-time CRQ from assessments with real-time CRQ from continuous monitoring to get a high-level understanding of vendor maturity, remediation progress, and the impact of outreach campaigns over time.
- Model scenarios with full customization: Adjust model inputs to test different decision conditions, like onboarding a vendor only if data access is limited, and see how each scenario changes probable financial impact.
Open FAIR-Based Risk Assessments key features include:
- Automated FAIR model population: Never start with a blank model with Open FAIR factors that are automatically populated and enhanced by assessment responses, uploaded documentation, and insights from continuous monitoring.
- Assessment-based private modeling: Run private, assessment-specific analysis to estimate probable financial risk impact at key moments, such as onboarding, renewal, post major outreach campaign, and more.
- Full customization: Customize exposure metrics and FAIR inputs across key scenarios or entirely custom scenarios to test different assumptions.
To learn more about Black Kite’s Open FAIR-based risk assessments and automated cyber risk quantification, visit the platform here full details.
Related News:
Qualys Unveils Agentic AI for Autonomous Risk Management
Qualys Expands mROC Partner Alliance to Advance Global Cyber Risk Management
