Cyber Risk Quantification (CRQ) methodology to forecast how often the firm believes they will experience a breach and in so doing, how much capital would be required to weather such an event. Some years, there will be no breaches (no losses), but sometimes, inevitably, there is a loss. The proposal would extend that into simple to understand disclosures for customers. Pretending that your organization will never have a breach would no longer be an option. Instead of this current state, where we are complicit in the fictional narrative that organizations might never be hacked, what if we all openly admit what is and embrace it.
Source: https://threatpost.com/cyber-risk-prospectuses/151365/