Since we are positioning cyber risk as an important component of operational risk within banking and insurance industries, all the common models used in OpRisk management can be implemented for cyber risk as well. The most popular and perhaps the easiest one in OpRisk analysis is Loss Distribution Approach (LDA), which is discussed

in our previous article.

However, it is possible to use alternative models for quantifying operational risk. These models for the specific case of cyber risk are a focus of the article attached below. Using a Factor Analysis of Information Risk (FAIR) framework, we divide the cyber risk assessment into finding probable frequency and probable intensity.