Arx Nimbus Releases Thrivaca 3.0, First SaaS Platform to Provide Measurable Enterprise-Wide Cybersecurity Risk Reduction

Share Article

For the first time, insurance-grade quantitative cyber risk profiling in financial terms is available across the entire enterprise within days. Developed around actuarial principles and formal econometrics, Arx Nimbus’ Thrivaca product has been used in banking, national defense, healthcare and higher education, supporting cyber insurance decision-making, transparency and traceability in the cyber program, risk reduction, cyber investment optimization, and compliance attainment.

News Image
We see the need for reliable, mathematically-sound measurement of cybersecurity risk in financial terms.” said Arx Nimbus CEO, R. David Moon. “Cybersecurity regulators are calling for insightful, objective measurement of cybersecurity risk, not simply a product of expert opinion.

Developed collaboratively by a team of accomplished mathematicians and cybersecurity experts, Thrivaca is the first and only cyber risk analysis platform to financially value risk across the full threat surface, including central data systems, internet of things (IoT), shadow IT, recently-acquired entities, cloud, mobile technology, and outsourced systems. Thrivaca 3.0 adheres to regulatory requirements from the National Institute of Science and Technology (NIST), the Department of Health and Human Services, Department of Energy, and U.S. Treasury. Thrivaca 3.0 incorporates automated scanning, trend line analysis, and backtesting of risk dynamics against actual threat patterns in relation to the subject company’s specific vulnerabilities.

Thrivaca 3.0 allows senior leadership the first real financial understanding of the risk effects of the cybersecurity program. By providing “what-if” analysis for budgetary and cyber investment options, Thrivaca 3.0 allows optimization of cybersecurity strategies and directions and their relative risk reduction capabilities. Through its advanced algorithm, Thrivaca 3.0 provides the first complete linkage of the relationships between the key cybersecurity dimensions of threats, risks, vulnerabilities and capabilities, and provides documented traceability of key cybersecurity functions in support of internal audit, legal preparedness, compliance processes, and M&A due diligence.

Thrivaca 3.0 provides an independent, unbiased profile of the detailed sources and effects of the cybersecurity dynamics of the organization including a self-insurance price to help frame key decisions around the cost of specific cyber risks, and valuation of cybersecurity insurance policies. Developed with economist and actuarial practitioners, Thrivaca provides a mathematically-based core valuation engine that unlike conventional solutions, is not based on professional judgment or expert opinion. For organizations faced with cybersecurity risk, Thrivaca 3.0 provides financial valuation of their aggregate risk, and for the financial risk associated with specific vulnerabilities. For the first time, cybersecurity, financial, and risk professionals are able to see the risk-reduction impacts of alternative cybersecurity capabilities, budgets and prospective investments. The National Association of Corporate Directors said: “Board-Management discussions about cyber risks should include identification of which risks to avoid, which to accept, and which to mitigate or transfer through insurance” The European Union in its GDPR requirements said: “Risk should be evaluated on the basis of an objective assessment, by which it is established whether data processing operations involve a risk or a high risk.” The US Securities and Exchange Commission said: "Cybersecurity risks pose grave threats to investors, our capital markets, and our country. Controls and procedures should enable companies to identify cybersecurity risks and incidents, assess and analyze their impact on a company’s business, evaluate the significance associated with such risks and incidents, provide for open communications between technical experts and disclosure advisors, and make timely disclosures regarding such risks and incidents.”

About:
Arx Nimbus is a SaaS Software company that provides quantified analysis of cybersecurity defense, governance, compliance and risk reduction for organizations in every industry. Our mission and passion are to bring knowledge of cybersecurity risk to every enterprise worldwide. We combine deep experience in defense, logistics, financial services and technology sectors with exceptional academic credentials, equipped with comprehensive standards-based quantitative methodologies. Through its’ Thrivaca product, Arx Nimbus provides independent insurance-grade analysis of available options in addressing cybersecurity threats, risks, vulnerabilities and capabilities.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Bret Osborn
@ArxNimbus
Follow >
Arx Nimbus

Visit website