At C-Risk, we drive proactive cyber risk management and governance. Our data-driven approach empowers organizations to identify and mitigate risks before they become critical. We uniquely bridge the gap between technical teams and business leadership, equipping CISOs and risk teams with actionable insights to strengthen their digital defenses, demonstrate the ROI of their security controls, and communicate with the board in business terms.
C-Risk experts leverage open standards like FAIR and frameworks such as MITRE ATT&CK, combining them with our technical expertise and a powerful CRQ tool to deliver innovative solutions. As the risk and regulatory landscape evolves, we continuously expand our use cases to meet the needs of our customers. Our commitment to excellence and transparency enables global organizations to enhance their cybersecurity posture and grow, contributing to a safer digital economy.
C-Risk's founders, Christophe Forêt and Tom Callaghan, met while working at Dell. During their time, they helped large enterprises with digital transformation and cloud migration projects.
This experience led to many discussions focused on the communication gap between business leadership and information security and technology professionals.
In 2016, C-Risk was created to address the communication gap challenge – to be able to communicate cyber and technology risk in business terms.
For this reason, C-Risk adopted the Open FAIR™ standard and framework as a foundation of its risk management approach. C-Risk continues to expand its offerings and solutions as the risk and regulatory landscape evolves.
Tom and Christophe noticed that discussions about security and IT risks between business and IT experts were difficult. C-Risk was then created to address those communication issues.
Creation of the Paris branch of the FAIR Institute to promote the FAIR™ standard and its methodology in Europe. Since then, we have been developing partnerships with quantification professionals.
Launch of Cyber Risk Quantification training with FAIR™ and signing of the first European contracts, which marked the beginning of C-Risk's strong growth.
Launch of CRQ offers 1st European contact.
Datadock certification of our CRQ training courses.
Qualiopi certification of our CRQ training courses.
Fundraising of €2.5 million from Scale Up Capital’s XPGEN fund to accelerate growth.
Offices opened in the US, the UK, Germany and Ireland.
We believe that value is key, that is what drives us. First, we aim to bring value to our clients by seeking the most relevant solutions and striving for excellence every step of the way. Value also needs to be brought internally as everyone in the company is evaluated on their contribution to the company and their colleagues.
At C-Risk, authenticity is paramount. Everyone is welcome to express their ideas. One of our principles is that relevance has nothing to do with seniority, experience, or rank. As Christophe would put it, "quality does not wait a certain number of years". This is why our management style is collaborative and agile.
Our commitment is a consequence of our positioning and of our business vision. On the business side, we are committed to delivering the best service to our clients in order to secure their digital assets. Internally, we value mutual support and collaborative work. We are here for each other.
We are driven by curiosity, and a desire to provide the best innovative solutions. We keep up with the latest developments in cybersecurity by keeping an open mind. Open-mindedness also shows in the way our company operates and in the fact that we have developed a multicultural environment.
The C-Risk team is a diverse group of seasoned cybersecurity professionals and communicators.
.png)
C-Risk is your trusted advisor
As the co-founders of C-Risk, we are committed to the principles of openness and value creation. We seek to change the way cyber and technology risk is communicated and managed. Cutting through the noise and delivering clarity is the essence of our approach. With more than half of our combined careers dedicated to the hands-on world of IT operations and business development, we've seen firsthand the differences between a vendor and a partner. And we're here to be your true partner.
The internal culture of C-Risk is based on mutual respect and open dialogue. In order to be open and transparent with our clients, these same values are central to how we work with one another. Our collaborative spirit is a major strength. Each member of the C-Risk team contributes to our continually expanding collective knowledge of information security and operational risk challenges.
We recognize the limitations of human forecasting and decision-making, especially in the domain of cyber risk. Our risk-based perspective on cyber risk management is the driving force behind our unmatched CRQ solutions. C-Risk is dedicated to continued learning and sharing insights on quantitative methods that mitigate these shortcomings, ensuring better governance and resilience in IT security.
C-Risk is an industry pioneer in quantification. We look forward to working with you.
-Tom Callaghan & Christophe Forêt
C-Risk supports and collaborates with the FAIR Institute, a research-driven organization that promotes collaboration, education and open standards. The Open FAIR™ standard is the only open standard for quantifying risk through its Factor Analysis of Information Risk (FAIR) model. FAIR's taxonomy and ontology enable the decomposition of risk scenarios into measurable variables, facilitating accurate risk assessment and management. An open standard enables seamless sharing of information and best practices across organizations. This alignment with the FAIR Institute underscores our commitment to adopting and promoting transparent and effective risk management methodologies.
Let’s talk about your current challenges and your cyber risk management goals. Our experts will provide actionable insights on Cyber Risk Quantification (CRQ) and examples of our approach.
C-Risk is a recognized expert in Cyber Risk Quantification using the FAIR™ methodology. We provide CRQ solutions, advisory services and training.
