How to quantify risk?

CYBERS 27.02.2023

Can you smell, taste or touch risk? Most probably not. Therefore, IT Risk Expert Bo Thygesen from ACI and KüberCast hosts Siim Pajusaar and Ronnie Jaanhold discuss how to quantify and measure risk and how to make decisions based on those measurements. During the OpSec minutes you will find out that an Android TV box with preinstalled malware can be purchased on Amazon and AliExpress.

Risk can be defined in several ways, but it can be described as the likelihood of a future or potential loss. With risk, you can't be 100% sure that something will happen, but there is a probability that it will.

Coming up with a list of risks can be treated as a creative process. To identify risks, creativity, common sense, knowledge of the threat landscape and history should all be taken into account. History, for example, is a good source of insight into threats: if something has happened before, it can happen again, and this should be considered.

Risk evaluation can be qualitative or quantitative, and the episode thoroughly explains how to find risks, create risk registers and challenge the risks recorded in them. Risk management can be said to have two motivations, defensive and offensive, each used for a slightly different purpose.

Bo Thygesen walks you through how to calculate worst-case scenario risk and shares his knowledge of Monte Carlo simulation. There are also several things that are easily overlooked during risk assessments. Secondary loss, such as reputation loss, is one of them, since it is quite difficult to measure and a reputation is challenging to build back up.

You can listen to this eye-opening conversation about risks HERE.
