OT cyber risk management is evolving to an impact-based approach, where the estimated financial loss of a major cybersecurity incident is being quantified. Financial quantification helps reveal the probability and potential impact of a major cybersecurity event. But with traditional cyber risk quantification approaches, their simulations have struggled due to their high subjectivity and lack of defensible data.

The session will explore the financial quantification of cyber risk as a foundational concept, with real examples of how existing OT cybersecurity data - or telemetry, can be used to reduce the uncertainty, improve the timeliness and better accuracy of cyber risk analysis using quantitative methods. If a new ransomware campaign is targeting the manufacturing sector, how much does my risk increase? If we don't mitigate the CVE vulnerabilities in our system, how much risk do they present? If I move ahead with a 3-year cybersecurity road map, how much risk is reduced each year?