Frequently Asked Questions

Everything you need to know about quantitative cyber risk analysis and RiskRadar

What is quantitative cyber risk analysis?

Quantitative cyber risk analysis expresses risk in financial terms—dollars and probabilities—rather than subjective ratings like "high," "medium," or "low." Using methods like Monte Carlo simulation, we can estimate the expected annual loss from a cyber event and the probability of exceeding various loss thresholds.

What is the FAIR methodology?

FAIR (Factor Analysis of Information Risk) is an international standard for quantitative risk analysis. It decomposes risk into component factors like Threat Event Frequency, Vulnerability, and Loss Magnitude, which can then be estimated and combined mathematically to produce a loss distribution.

What is calibration training and why does it matter?

Calibration training helps you give accurate probability estimates. Most people are overconfident—when they say they're 90% sure of something, they're actually right far less often. Our calibration exercises train you to align your confidence levels with actual accuracy, which is essential for reliable risk quantification.

How does Monte Carlo simulation work?

Monte Carlo simulation runs thousands of scenarios using your input probability distributions. For each scenario, it randomly samples values for threat frequency, vulnerability, and loss magnitude, then calculates the resulting loss. The output is a probability distribution showing the range of possible outcomes and their likelihoods.

What if I don't have precise data for my estimates?

That's exactly why we use probability distributions instead of point estimates. You don't need to know the exact loss amount—you provide a range (minimum, most likely, maximum) that captures your uncertainty. The Monte Carlo simulation properly propagates this uncertainty through to the final results.

How is this better than a risk matrix or heat map?

Risk matrices can't tell you actual exposure in dollars, can't be mathematically combined (you can't add "high" + "medium"), and often produce inconsistent rankings. Quantitative analysis gives you numbers you can use: expected loss, value at risk, return on security investment.

Can I use RiskRadar for compliance and audit purposes?

Yes. The FAIR methodology is recognized by regulators and auditors as a defensible approach to risk assessment. Your quantitative analysis, with documented assumptions and methodology, provides much stronger audit evidence than subjective heat maps.

How do I calculate ROI on security controls?

Run simulations with and without a proposed control to see the expected loss reduction. Compare this reduction against the control's cost. If a $100K control reduces expected annual loss by $500K, you have a clear ROI case to present to leadership.
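The Monte Carlo, range-estimate, and control-ROI answers above can be seen working together in the following added example (not RiskRadar's own code). It assumes a simplified FAIR-style model with triangular distributions over (minimum, most likely, maximum) estimates; every input value and function name is constructed for illustration.

```python
import random
import statistics

def simulate_annual_losses(tef, vuln, loss_mag, trials=20_000, seed=1):
    """Return one simulated annual loss per trial.
    tef, vuln, loss_mag are (minimum, most likely, maximum) estimates."""
    rng = random.Random(seed)  # fixed seed so a run can be reproduced for audit

    def tri(lo, mode, hi):
        return rng.triangular(lo, hi, mode)  # stdlib argument order: low, high, mode

    losses = []
    for _ in range(trials):
        threat_events = round(tri(*tef))   # Threat Event Frequency for this year
        p_loss = tri(*vuln)                # Vulnerability: P(threat event causes loss)
        year_loss = 0.0
        for _ in range(threat_events):
            if rng.random() < p_loss:      # this threat event became a loss event
                year_loss += tri(*loss_mag)  # Loss Magnitude for that event
        losses.append(year_loss)
    return losses

def summarize(losses, threshold):
    """Expected annual loss, 95th percentile, and P(annual loss > threshold)."""
    ordered = sorted(losses)
    return {
        "expected_annual_loss": statistics.fmean(losses),
        "p95_loss": ordered[int(0.95 * len(ordered))],
        "p_exceed": sum(x > threshold for x in losses) / len(losses),
    }

def control_roi(base, with_control, annual_cost):
    """(expected loss reduction - control cost) / control cost."""
    reduction = base["expected_annual_loss"] - with_control["expected_annual_loss"]
    return (reduction - annual_cost) / annual_cost

# Constructed inputs (assumptions, not data from any real assessment).
TEF = (2, 6, 12)                      # threat events per year
VULN_BASE = (0.10, 0.25, 0.40)        # without the proposed control
VULN_CTRL = (0.02, 0.05, 0.10)        # with the proposed control
LOSS = (50_000, 200_000, 1_000_000)   # dollars per loss event
CONTROL_COST = 100_000                # dollars per year

if __name__ == "__main__":
    base = summarize(simulate_annual_losses(TEF, VULN_BASE, LOSS), 1_000_000)
    ctrl = summarize(simulate_annual_losses(TEF, VULN_CTRL, LOSS), 1_000_000)
    print("baseline:", base)
    print("with control:", ctrl)
    print("ROI:", round(control_roi(base, ctrl, CONTROL_COST), 2))
```

Widening or narrowing any of the three-point ranges shows how estimate uncertainty carries through to the 95th-percentile loss and the exceedance probability, not only to the mean.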

What types of risks can I analyze?

RiskRadar can model any cyber risk scenario including ransomware attacks, data breaches, insider threats, DDoS attacks, business email compromise, third-party breaches, system outages, and more. If you can estimate frequency and impact, you can quantify it.

Do you offer a free trial?

Yes! You can get started with RiskRadar for free. The free tier includes basic risk scenario modeling, calibration training, and Monte Carlo simulation. Paid plans add features like team collaboration, advanced reporting, and priority support.

Can I cancel my subscription?

Yes, you can cancel your subscription at any time from your account settings. If you cancel, you'll retain access until the end of your current billing period.

What support options are available?

All plans include email support. Professional and Enterprise plans include priority support with faster response times. Enterprise customers also get access to dedicated onboarding and training sessions.

Still have questions? Contact us and we'll be happy to help.