Every organization has ongoing costs associated with risk. These risks must be funded through reserves – otherwise they will result in unfunded liabilities. The cost of these reserves, driven by remaining unmitigated risks, are identified and exposed in the Risk Profile.
After accounting for mitigated risk and transference to commercial insurance, the Thrivaca Risk Profile identifies the ongoing cost of digital risk – the remaining risk after all current risk reduction efforts. As more risk mitigation efforts are applied, the costs of self-insurance (“Self-Insurance Cost” or SIC) are reduced, producing cost recovery as each increment is attained. While no organization can mitigate or remove 100% of risk, every incremental percentage point of risk reduction results in recovery of the carry cost (i.e. SIC) produced by these risks.
The detailed relationships and identification of risk origins provided by Thrivaca allow re-prioritization of cybersecurity initiatives, re-direction of resources, and expansion of higher-effectiveness efforts, resulting in progressive increases in measurable risk reduction. Commonly, an 8-10% increase in risk remediation results are attainable, resulting in a corresponding reduction in unmitigated risk and its cost. Since most organizations have already mitigated the majority of the potential risks, an increase in risk mitigation of 8-10%, even within current cybersecurity budget funding, can produce millions of dollars in cost recovery.