Top of Page

(ISC)² and PivotPoint Risk Analytics Announce Business Partnership to Raise Awareness of Need for Cyber Ri

Global cybersecurity certification and education membership body aims to help advance the automation of cyber insurance decisions through new partnership

      Clearwater, FL, and Baltimore, MD — May 24, 2016 — (ISC)²®and PivotPoint Risk Analytics today announced a business partnership with the mission to empower CISOs and information security professionals to assess the financial impact of vulnerabilities and potential security incidents to their organizations. The aim is to help information security professionals make smarter business decisions and manage risk via a new category of solutions called cyber risk analytics.

When it comes to cyber risk, information security professionals and their boards often speak a “different language,” making it difficult to understand the business impact of decisions and demonstrate ROI. By quantifying cyber risk using new cyber value-at-risk approaches, organizations can create a common lexicon for information security managers, risk managers, Boards of Directors, and other executives on risk mitigation and risk transfer through vehicles such as cyber insurance. This approach is endorsed by The World Economic Forum’s “Partnering for Cyber Resilience” initiative, which has framed cyber value-at-risk as the common risk quantification approach for its members.

 “CyVaR arms the CISO with automated cyber risk analytics to create and manage more effective security programs and to be more effective in communicating with other execs in building integrated programs,” said David Shearer, CEO, (ISC)². “We recognize PivotPoint Risk Analytics as the pioneer and leader who is transforming cyber value-at-risk from an interesting concept to a powerful operational capability.”

As part of the partnership, (ISC)², has employed PivotPoint’s flagship solution, CyVar™, to assess its own cyber-value-at-risk and guide the organization in its security strategy and in making decisions about cyber insurance.

CyVaR enables organizations to quantify risk to their business from cyber-attacks in dollars and cents. By showing customers where the greatest risks of financial loss exist, they can better prioritize investments in risk mitigation, such as implementing security controls or purchasing software, and better understand how to include cyber insurance to transfer risk as part of their cyber resilience strategy. CyVaR helps an organization to understand:

How much money they could lose to cyber-attacks over the next year

How investing in more security could reduce their risk

How much and what types of cyber insurance they need to transfer financial risk

“By quantifying the risk to the most critical corporate information assets and associated software and infrastructure, cyber value-at-risk helps CISOs secure the value of their business and bolster their respect in the boardroom,” said Julian Waits, CEO, PivotPoint RA. “We are excited about this collaboration with (ISC)², a recognized organization that is committed to enhancing the security posture of global organizations.”

For more information about PivotPoint’s CyVaR solution, please visit For more information about (ISC)2, please visit


About (ISC)
Formed in 1989, (ISC)² is the largest not-for-profit membership body of certified cyber, information, software and infrastructure security professionals worldwide, with over 114,000 members in more than 160 countries. Globally recognized as the Gold Standard, (ISC)² issues the Certified Information Systems Security Professional (CISSP®) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP®), the Certified Cyber Forensics Professional (CCFP®), Certified Cloud Security Professional (CCSP®), Certified Authorization Professional (CAP®), HealthCare Information Security and Privacy Practitioner (HCISPP®), and Systems Security Certified Practitioner (SSCP®) credentials to qualifying candidates. (ISC)²’s certifications are among the first information technology credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)² also offers education programs and services based on its CBK®, a compendium of information and software security topics. More information is available at 


© 2016, (ISC)² Inc., (ISC)², CISSP, ISSAP, ISSMP, ISSEP, CSSLP, CCSP, CAP, CCFP, HCISPP, SSCP and CBK are registered marks of (ISC)², Inc.

About PivotPoint Risk Analytics  

PivotPoint is the leading provider of cyber risk analytics that measure Cyber Value-At-Risk. In a world where conventional wisdom says you will get hacked, you bought one of everything to try to thwart the attack and protect your crown jewels. And as the threat—and business evolves—so does your cyber risk. Our customers, on any given day, can prove they have lowered the company’s cyber risk to secure the value of their business. Visit PivotPoint at, Twitter or LinkedIn.




Media Contacts

Amanda D’Alessandro
Manager, Global Communications
(727) 742-1853               

Leslie Kesselring 
Kesselring Communications for PivotPoint Risk Analytics 


 i World Economic Forum, Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats, 2015.