In this first session, we identify the widespread lack of quantitative IT risk analysis in UK organizations and the dangers posed by relying on risk matrices. Doug Hubbard, CEO of Hubbard Decision Research, will then explain how their quantitative approach of AIE (Applied Information Economics) can help you make better, cost-effective risk analyses, which measurably reduce uncertainty and risk.


Date: Wednesday 19 August 2020

Time: 12:30 – 13:30

Cost: FREE

Target Audience

Anyone involved in security or risk analysis for IT, including CIOs, CISOs, CTOs, IT security managers and ISO 27001 auditors.

Learning Outcomes

You will leave with an understanding of the inadequacies of current qualitative and semi-quantitative methods of IT risk assessment. You will learn that quantitative methods, are not too difficult to apply, do not require a degree in maths or the existence of large data sets for analysis. You will see that there are ways of measuring uncertainty and therefore risk, so you can reduce it. The session ends with an exercise to test how well you estimate uncertainty. The results will be analysed in the second session.

About the Presenters

Doug Hubbard

Doug Hubbard is the CEO of Hubbard Decision Research which he founded in 1998. It provides consultancy and training in quantitative methods to support decision making. He is the creator of

AIE (Applied Information Economics) whose principles underpin this quantitative approach. These methods have been adopted by businesses across many sectors and by government organizations.

Doug started his career as a management consultant at Coopers and Lybrand after gaining his MBA in 1988. As well as providing management consultancy, he is a sought-after speaker and the author of a number of books, including The Failure of Risk Management: Why It’s Broken and How to Fix It, How to Measure Anything: Finding the Value of “Intangibles” in Business and How to Measure Anything in Cybersecurity Risk. The first two books are now set texts for exams for membership of the Society of Actuaries. His articles and research have also been published in a number of periodicals and learned journals, including Nature.

Fred Hickling

Fred Hickling is a cybersecurity consultant and a QA associate trainer. Over the years, he has become aware of how little quantitative IT risk assessment is done in the UK. Introduced to Doug

Hubbard’s work last year, he appreciated the extent to which this lack was a problem, as well as a way to fix it. He introduces this event - a step in bringing the benefits quantitative risk assessment to the attention the IT professionals in the UK.

Fred is a director of Networks and Systems Ltd, as well as being a non-executive director of another company not in the IT sector. He has numerous industry certifications, including CISSP, CISM, CISMP and CCISO, as well as several physics degrees.