# Opener

Top Posts From Axio in 2022 to Better Manage Cyber Threats in 2023

Published by Axio

2022 has been a great year at Axio! We’ve welcomed many new Axions and opened a new chapter with a $23M Series B investment led by ISTARI, a Temasek company.

We will continue our mission to help guide business and security leaders in making better decisions around their cybersecurity investments in 2023. But first, let’s take a moment to appreciate some of our accomplishments this past year. Below are some of our favorite posts and/or topics we covered in 2022:

Industry/Analyst Recognition

In 2022, the CRQ (Cyber Risk Quantification) market emerged from its niche corner in the cybersecurity industry and transitioned from a questionable risk management approach to a must-have methodology for security leaders. Early in the year, Forrester published its report “Transform Cyber Risk Management With Cyber Risk Quantification,” with a thesis that parallels Axio’s cyber risk philosophy: for the modern CISO, CRQ is the way forward.

We published our thoughts on the key takeaways of that report and later hosted a webinar featuring Axio’s CEO and Co-Founder, Scott Kannry, with guest Paul McKay, Research Director at Forrester. View the full webinar here and our high-level recap here.


The role of CISO has always been challenging, and the stakes have only gotten higher in recent years. A large part of a CISOs job entails communicating with their CEO and board members in terms they can understand – dollars and cents. Axio Co-Founder and President David White discussed this notion in a fireside chat, “How to Speak to Your Board About Cyber Risk,” and we published a high-level overview of CRQ-related tips for communicating with your CEO.

For an in-depth study of the CISO position, our Leadership Guide for CISOs, “100 Days to Build a Strong Cybersecurity Foundation,” examines how CISOs can lay the groundwork for a successful cybersecurity program and build the relationships, skills, and knowledge to manage day-to-day challenges.

Legacy Risk Quantification Approaches are Failing Security and Business Leaders

In some cyber spheres, the term “quantification” has earned a bad reputation, and many security decision-makers believe CRQ can’t achieve the results they need. In his blog posts “How to Relieve FAIR Fatigue” and “FAIR Fatigue, and Deeper Dive,” David White addressed how CRQ can be a powerful instrument for CISOs and other security leaders when done right, and why the FAIR approach to CRQ has failed for so many organizations.

Additionally, our “5 Myths of Cyber Risk Quantification” blog post demystified the common misconceptions about CRQ that methodologies like FAIR have unfairly cast. Using a modern approach to CRQ like the Axio360 platform gives security practitioners a proactive tool to quickly understand and react to risk scenarios relevant to the business and optimizes cybersecurity spending.

Critical Infrastructure

The 2022 Colonial Pipeline ransomware attack changed the landscape of cyber risk management for critical infrastructure and served as a wake-up call for many business leaders. A year after the breach, we looked back at how the attack affected both public and private sectors, creating a “seismic shift” in how each approached cybersecurity.

The Colonial incident highlighted how susceptible critical infrastructure is to cybercrime. Compromised operational technology can potentially devastate our Nation’s economy, health, and safety, and decision-makers are faced with enormous pressure to choose the “right” spending priorities for their cyber programs. In a five-part series, we examined cyber risk for critical infrastructure, why it requires a scalable and efficient methodology, how to understand the impact of cybersecurity attacks, and how to prioritize countermeasures using CRQ.

What CRQ Can Do for You

For those unfamiliar with CRQ (or who continue to be skeptical of its merits), we created a handy, high-level overview of the three key use cases it can address: cyber insurance, compliance and regulations, and communicating and providing guidance to the board of directors. And for the latter, we published a second Leadership Guide, “Getting the Board Game Right.”

Targeting security leaders with more experience using CRQ, we created an outline for “Driving Faster Time to Value with CRQ.” The rapidly evolving cyber risk landscape requires fast results, and CRQ is a powerful weapon against cybercrime. Here, we examined how Axio’s approach to CRQ focuses on quantifying risk quickly, transparently, and in a way that all stakeholders understand.


As we head into 2023, we hope this year-end round-up sheds some light on topics and content you may have missed (or want to revisit). Please don’t hesitate to contact us with any questions or check out one of our free assessments here.

Thanks for reading and have a Happy New Year!