21-judge panel recognizes leaders advancing FAIR-based cyber risk management

NEW YORK, Nov. 11, 2025 /PRNewswire/ -- The FAIR Institute today announced the winners of the 2025 FAIR Institute Awards, recognizing outstanding leadership and innovation in cyber risk management using the Factor Analysis of Information Risk (FAIR) model. Winners were revealed at the FAIR Institute Awards Gala on Tuesday, November 4, in New York City during the 10th annual FAIR Conference.

Winners were selected through independent review by a panel of 21 senior cybersecurity and risk leaders, including several former award recipients. "Each of our winners this year represents the future of cyber risk management," said Nick Sanna, President and Founder of the FAIR Institute. "As organizations navigate new challenges, from AI-driven threats to third-party risk and the need to scale risk management to the enterprise, FAIR has evolved into a common, defensible foundation for quantifying exposure, prioritizing investment, and driving better business outcomes. These leaders are showing how to operationalize that discipline at speed and scale."

Cyber Risk Executive of the Year

Recognizes CISOs and senior executives who embed FAIR into business decision-making, deliver measurable improvements in outcomes, and influence enterprise stakeholders.

For the first time in the history of the FAIR Institute Awards, this category resulted in a tie, honoring David Jordan, SVP & CISO, IHG Hotels & Resorts, and Robert S. Allen, Global CISO & Responsible AI Officer, Gallagher.

Jordan emphasized FAIR's role in elevating decision quality amid uncertainty: "Those of you who are CISOs understand that we spend so much of our time making decisions on very limited information. This methodology, along with the work the FAIR Institute has done, gives us more information to make better, smarter decisions. And that makes my job a lot easier."

Allen highlighted FAIR's impact on executive alignment and prioritization: "Over the five years I've served as Global CISO, leveraging FAIR has grounded our discussions with the executive team, tying our top risks to concrete mitigations and to annualized loss exposure. That discipline has been critical to our program's transformation and more than $300 million in residual risk reduction. It's not a surprise that we're now expanding our use of FAIR into AI and emerging risks; FAIR has become core to how we operate our program."

Cyber Risk Management Program of the Year

Recognizes teams that run mature, quantitative cyber risk programs with clear governance integration, measurable outcomes, and a track record of enabling better business decisions.

Global luxury goods group Richemont was honored for deploying FAIR across 25 Maisons (brands) to standardize analysis, engage executives, and improve prioritization and outcomes. "FAIR has become the backbone of how our second line partners with the Maisons," said Pierre Olodo, Cyber Risk Manager at Richemont. "Across our business, we quantify exposure, maintain a living risk register, and make cost-benefit tradeoffs visible so C-levels can engage. With FAIR, we prioritize the highest-impact mitigations in our largest programs. Our next objective would be to extend the approach toward enterprise risk so our Board can compare cyber and non-cyber risks in a single, defensible view."

Excellence in Third-Party Risk Management

Recognizes programs that apply FAIR to vendor and supply-chain risk to accelerate onboarding, reduce exposure, and improve accountability.

UPMC was honored for integrating FAIR into continuous vendor evaluations and operationalizing results to guide business owners. The program prioritized high-value mitigations, leading to an estimated $217 million reduction in third-party loss exposure. "FAIR lets us translate third-party risk into business terms," said Ryan George, Sr. Director, IT Security at UPMC. "By quantifying the loss exposure of each third party (vendor), we prioritized data purges and stronger assurances—and showed measurable reductions our business leaders can act on."

Cyber Insurance Innovation Award

Spotlights the application of FAIR to drive efficient premium pricing and tailored coverage in cyber insurance.

Mosaic Insurance (Global CISO & Cyber Risk Engineering Lead: Jay Vinda) was recognized for embedding FAIR into underwriting. As Vinda noted: "When you work in cyber insurance, you must understand a company's cyber risk posture, their threat exposure, and compare that against the financial value of an insurance policy. By adopting FAIR, we've turned the strength of [our client's] cyber controls and lower risk exposures into an incentive, with up to 30% discounts in cyber insurance premiums. All in an objective and defensible way."

Denny Wan FAIR Ambassador Awards

Recognizes members who champion FAIR through advocacy, mentorship, education, and community-building.

For this award, we recognize winners from three distinct global regions based on their local, regional, and global impact on the FAIR Institute and the cybersecurity profession.

APAC: Prometheus Yang, Founder, Taiwan Risk Governance and Measurement Association

Europe: Laura Voicu, Principal Security Assurance, Elastic

North America: AJ Anand, Director, Transformation, Global Security, ADP

The FAIR Institute congratulates all finalists and winners for their leadership in advancing quantitative, decision-oriented cyber risk management. For full details on winners, finalists, and judges, see the awards coverage on the FAIR Institute blog.

Learn more: fairinstitute.org/blog/fair-institute-awards-2025

About the FAIR Institute

The FAIR Institute is a non-profit professional organization dedicated to advancing the discipline of measuring and managing cyber and operational risk. With over 18,000 members, the Institute is recognized as a leading authority on cyber risk quantification and best practices in management. The FAIR Cyber Risk Management Framework, based on the industry's leading CRQ methodology, has been adopted by organizations across sectors to enhance security governance and risk-informed decision-making.

