[To Whom it May Concern] / [NAME],
We will soon be engaging in a Cyber Risk Quantification exercise using the Axio360 quantification methodology. You and others have been selected to participate because of your role and key knowledge of and familiarity with the organization.
[Specific details and requests: We will be scheduling two 90-minute Quantification Workshops with you in [early December/DATE]. You will receive an invitation following this email. If you cannot attend, please nominate someone with similar roles and knowledge to participate. You do not need to prepare for these sessions.]
A more detailed explanation of the workshops and process follows.
During the Cyber Risk Quantification Workshops, we will answer the question, “What’s my cyber risk exposure in financial terms?” This is accomplished through a three-step process where we will brainstorm cyber loss scenarios, prioritize those scenarios, and finally estimate the impact of the scenarios using the Axio Quadrants.
The quantification workshop is a structured discussion with cybersecurity and other subject matter experts from the organization to identify several high-impact cyber loss scenarios and develop estimates of the financial impact of each scenario. Each scenario should represent a plausible cyber loss event, however remote in probability, based on technological functionality and utilization in the organization’s operations.
After the workshops are complete, each scenario and its financial impact will be available on the Axio360 platform. The scenario can be updated as procedures or controls are implemented that would contribute to preventing, detecting, or reducing the event’s impact.