In today’s complex cybersecurity landscape, effective risk management is crucial. This involves fulfilling cyber security controls according to established standards like ISO/IEC 27001, ISO/IEC 27005, the Center for Internet Security’s CIS v8.1, etc. Many organisations, particularly smaller ones, lack dedicated cyber risk teams. Therefore, streamlined and automated processes are essential. By implementing a robust Cyber Risk Management Policy, companies can gain a comprehensive understanding of their vulnerabilities. This requires a tool that can efficiently assess risks and identify necessary security controls. The authors of this paper have developed an asset-based tool that precisely evaluates risks based on the status of existing security measures for all types of institutions – from the smallest to large ones.

The proposed tool offers a fast and efficient approach to cyber risk assessment, enabling organisations to proactively mitigate threats and protect their valuable assets. It was developed as a web application that generates precise risk levels according to the answers provided on the status of the implemented cyber security controls. In addition, the tool also gives instructions and suggests safeguards to be implemented.