Nehemiah Security’s Risk Engine Quantifies Cyber Risk in Financial Terms

Engineered to Evaluate Cyber Risk at Board Level, RQ 2.0 Effectively Correlates Technical Risk with Resulting Business Impacts

TYSONS, Va.– March 6, 2018 — Nehemiah Security, an internationally recognized supplier of cybersecurity software and services to enterprise and government organizations, today announced the release of RQ 2.0, a cyber risk platform engineered to financially quantify security as a business risk based on verifiable intelligence. Designed to correlate technical risks with an organization’s business assets, RQ’s Risk Engine aggregates data from business units, IT environments, and threat intelligence to identify the dollar amount that an organization’s unique risks pose to their business operations.

Too often, technical and non-technical leadership experience a misunderstanding of how best to manage cyber risk within an organization. Over 90 percent of companies measure cyber risk theoretically, using generalized simulations and GRC best practices or compliance standards. This speculative approach makes it difficult for security leaders to accurately convey the company’s overall tolerance for risk and justify budgetary needs for technology initiatives. In response, Nehemiah is the first to market with continuous, automated cyber risk quantification armed with risk mitigation and projected ROI computations to precisely answer questions like, “What is the severity of these risks to the business?”.

“Just as business variables are integrated into a portfolio of risks to be managed across a complete business unit, cyber risk should be as well,” said Paul Farrell, CEO of Nehemiah Security. “With RQ in place, security and business leaders can communicate more efficiently and measure security risk in financial terms, presented in a transparent and observable way, so the board can understand how to transfer risks intelligently.”

Nehemiah’s RQ platform allows technical leaders to quantitatively report on the business impact of cyber risk through the lens of their company’s unique business model. The risk engine establishes relationships between business applications and technical assets, then correlates technical exposures to threat intelligence feeds and known attacker scenarios. By constantly managing these ties, RQ automatically computes security as a business risk in financial terms. The RQ dashboard updates to report on potential losses such as disruption, loss of Personally Identifiable Information (PII), or cost of recovery and remediation.

Without data-driven quantification of security risks that can be described in financial terms, there cannot be productive conversations about security. RQ empowers businesses to take control of their risk assessment process and provides security leadership with direction on methods for risk mitigation and projected ROI computations to cut through the noise and deliver actionable information in common business language. By reducing the lengthy time and heavy cost of a traditional cyber risk assessment, Nehemiah is pioneering a new system of risk management for security in the business.

About Nehemiah Security

Nehemiah Security believes that Security must become a core business function like Accounting, HR, and Sales. Nehemiah’s mission is to empower security leaders to integrate their operations into the suite of functions corporations monitor and invest in every day. Nehemiah Security works with enterprises around the world to elevate the security conversation and answer the question, “How does this impact my business?” For more information on Nehemiah’s cyber risk analytics, please visit

Media Contact

Sarah Kneip

😎 Nehemiah Security Named a Gartner 2020 "Cool Vendor"Learn More