As cyber attacks occur with increasing severity and frequency, cyber risk has moved to the top of many organizations’ critical risk lists. Current and future regulations will require a reliable, evidence-based approach to risk assessment as one of the minimum compliance requirements. Organizations are exploring new methods and actionable steps to assess and quantify cyber exposure.