{"id":59821,"date":"2025-12-10T16:00:14","date_gmt":"2025-12-10T16:00:14","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/protecting-value-at-risk-the-role-of-a-risk-operations-center\/"},"modified":"2025-12-10T16:00:14","modified_gmt":"2025-12-10T16:00:14","slug":"protecting-value-at-risk-the-role-of-a-risk-operations-center","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/protecting-value-at-risk-the-role-of-a-risk-operations-center\/","title":{"rendered":"Protecting value at risk – the role of a risk operations center"},"content":{"rendered":"

Partner Content<\/span> For years, celebrities have insured their body parts for vast sums of money. Mariah Carey allegedly insured her voice and legs for $70 million during a tour, according to TMZ<\/a>; and Lloyd\u2019s of London<\/a> was reported to have insured a wide range of celebrity body parts, from restauranteur Egon Ronay\u2019s taste buds to the fingers of Rolling Stones\u2019 guitarist Keith Richards, which were insured for $1.6 million. <\/span><\/p>\n

Besides leading to a great headline, each of these deals puts a tangible financial value on an asset that is essential to the person involved. Alongside being an actor or singer, these individuals are businesses in their own right. Those insurance deals assign specific monetary values against risk.<\/p>\n

For IT security teams, this kind of exercise can also be useful. Being able to put specific costs against threats to core parts of the business can justify the resources needed to fix or mitigate problems that could prevent an attack. Cyber risk quantification, or CRQ, should provide an essential measure that CISOs can use with their boards, and that IT teams can use to prioritize what they work on too.<\/p>\n

Getting CRQ right in practice<\/strong>
\n<\/h3>\n

However, getting CRQ implemented effectively involves more than just the technology. Collaborating with the business on what to measure makes a specific difference. Gartner predicted<\/a> that half of cybersecurity leaders will have tried and failed to drive enterprise risk decision making with CRQ by this year.<\/p>\n

Behind this, security leaders have to look at how they manage risk operations over time. We have security operations centers (SOCs) that act as cyber war rooms, effectively collating data and managing incident response after an attack succeeds. What many organizations lack is that same process in place for risks before they materialize. This ‘peace time’ approach to potential risks prevents problems and improves that overall security posture before problems arise.<\/p>\n