
ISA and ANSI Release New Action Guide to Help Business Leaders Mitigate the Risk and Damage of Cyber Attacks


The Financial Management of Cyber Risk: An Implementation Framework for CFOs

The Internet Security Alliance (ISA) and the American National Standards Institute (ANSI) released today a new action guide to assist business executives in the analysis, management, and transfer of financial risk related to a cyber attack.

According to the White House Cyberspace Policy Review, between 2008 and 2009, American business losses due to cyber attacks had grown to more than $1 trillion of intellectual property. In this report, the President asked for a program that would help assign monetary value to cyber risks and consequences, giving organizations greater ability and incentive to address cybersecurity.

The new ISA-ANSI publication, The Financial Management of Cyber Risk: An Implementation Framework for CFOs, responds directly to the President's request, offering a pragmatic action plan that addresses cybersecurity from an enterprise-wide perspective.

"Business is currently on the front lines of a raging cyber war that is costing trillions of dollars and endangering our national security," said Larry Clinton, president of the ISA. "Effective, low-cost mechanisms are already in place to shield against many elements of the cyber threat. But too often executive leaders wait until they are compromised to develop a plan of action, damaging their company's reputation and incurring additional cost. The guide we are releasing today provides a practical and easy-to-understand framework for executives to assess and manage their cyber infrastructure."

Developed by a cross-sector task force of more than sixty industry and government experts, this publication has been funded and managed by the private sector and is offered as a free resource on cyber risk mitigation for organizations across the country. The Financial Management of Cyber Risk: An Implementation Framework for CFOs approaches the financial impact of cyber risks from a holistic perspective, including relevant chapters that touch upon the core business functions of all organizations, no matter the size or industry sector.

"By bringing together this diverse group of cyber security experts, ISA and ANSI have identified the potential gaps in the process of analyzing cyber risk," said Fran Schrotter, senior vice president and chief operating officer at ANSI. "We have given C-suite executives a tool that will assist them in developing and implementing a cyber risk management plan for their entire organization."

In addition to strategic questions, the action guide offers sample charts to aid in calculating the probability and severity of financial loss from both risk events and the actions taken to mitigate them. The guide also includes a list of standards and reference documents to help businesses develop comprehensive risk management frameworks.

The Financial Management of Cyber Risk was unveiled this morning during a press conference at the National Press Club in Washington, DC. Electronic copies of the publication are available for free download at

Symantec, a premium sponsor of The Financial Management of Cyber Risk, attended this morning's press conference. Justin Somaini, chief information security officer of Symantec Corp., was on hand to express the value of this implementation framework to American businesses, describing the guide as "an invaluable resource for every C-level executive." Partner sponsors Direct Computer Resources, Inc. and Phillips Nizer were also in attendance.

"Cyber security is vital to our economic well-being - both on an enterprise level and a national level," Clinton said. "ISA and ANSI are pleased to offer this volume as a pragmatic first step in the effort to create a sustainable system of 21st century information security."


About ISA
The Internet Security Alliance is a multi-sector trade association established in collaboration with Carnegie Mellon University in 2000. ISA's mission is to combine advanced technology with the pragmatic business needs of its members and help create effective public policy leading to a sustainable system of world-wide cybersecurity. ISA advocates a modernized social contract between industry and government creating market based incentives to motivate enhanced security of cyber systems. ISA provides its members with a range of technical, business and public policy services to assist them in fulfilling their mission.

About ANSI
ANSI is a private non-profit organization whose mission is to enhance U.S. global competitiveness and the American quality of life by promoting, facilitating, and safeguarding the integrity of the voluntary standardization and conformity assessment system. Its membership is comprised of businesses, professional societies and trade associations, standards developers, government agencies, and consumer and labor organizations. The Institute represents the diverse interests of more than 125,000 companies and organizations and 3.5 million professionals worldwide.


Jana Zabinski

Senior Director, Communications & Public Relations



Beth Goodbaum

Journalist/Communications Specialist

