Skip to Main Content

RMA Develops Cyber Metrics Tool for Financial Institutions

Philadelphia, PA (February 6, 2020) –

The Risk Management Association is making a new tool available to member institutions to help them confront the ever-growing challenge of cybersecurity. RMA’s Operational Risk Council has created “Cyber Risk Metrics” that will guide institutions in assessing and managing cyber risk across various enterprise-wide dimensions.

RMA’s new cyber risk tool provides a framework to assess vulnerabilities; incidents; events and breaches; patch and account management; third parties; cyber risk awareness training; and audit findings and risk ratings. For example, metrics in the area of patch and account management include the average number of open patches per device and the percentage of high-severity vulnerabilities patched within 30 days.

The metrics call attention to both key risk indicators and key performance indicators.

RMA’s Definitive Cyber Risk Metrics are available at no charge to RMA members. An article on the metrics is included in the current issue of The RMA Journal.

“On behalf of RMA, I would like to thank the Operational Risk Council for their work in developing RMA’s Definitive Cyber Risk Metrics,” said Edward J. DeMarco Jr., RMA’s Chief Administrative Officer, General Counsel, and Director of Operational Risk. “The metrics are an indispensable tool for financial institutions as they fight off constant threats to themselves, their customers, and the entire financial system.”

About RMA   

Founded in 1914, The Risk Management Association is a not-for-profit, member-driven professional association whose sole purpose is to advance the use of sound risk management principles in the financial services industry. RMA promotes an enterprise approach to risk management that focuses on credit risk, market risk, and operational risk. Headquartered in Philadelphia, Pennsylvania, RMA has 1,900 institutional members that include banks of all sizes as well as nonbank financial institutions. They are represented in the Association by 18,500 individuals located throughout North America, Europe, Australia, and Asia/Pacific.

Media Contacts
Stephen Krasowski,, 215-446-4095 
Frank Devlin,, 215-446-4137