Cyber Risk Podcast: Zach Cossairt, Equinix, on Identifying Top Business Risk Scenarios

Effective cyber risk management starts with the right set of skills, tools and processes

By Sweta Bhattacharya

In Episode 2 of The SAFE Cyber Risk Podcast, host Resha Chheda, VP of Product Marketing at SAFE, dives into a critical topic: managing cyber risk effectively to keep businesses secure and thriving. Our guest in this episode is Zach Cossairt, Integrated Risk Management Program Manager at Equinix.

With an ever-expanding attack surface—including assets, tech stacks, third parties, and business units—identifying and managing top risks can be overwhelming. Organizations struggle with fragmented risk visibility, tool sprawl, and prioritization challenges.

“But it doesn’t have to be, as long as you have the right skill sets, tools, and processes,” says Zach. Working with a team of FAIR practitioners, Zach helps the business manage cyber risk efficiently.

Watch the Full Podcast Episode Now!

7 Takeaways from Episode 2 with Zach Cossairt

1. Define Outcomes to Make Risk Information Digestible

A cyber risk management program should align with business outcomes such as revenue growth, customer trust, digital transformation, and operational efficiency. Risk exists in all these areas, and identifying threats that could derail these objectives provides clarity. Once an outcome is defined, the risk assessment process gains direction, enabling stakeholders to prioritize risk reduction. Resha puts it simply: “Set the destination before planning the route.”

2. Scope Business Segments to Make Cyber Risk Manageable 

Risk management is like organizing a library—without segmentation, it’s chaotic. Businesses must scope how cyber risk impacts different units, enabling a shared language for risk discussions. Zach advises teams to collaborate in prioritizing risks to enhance manageability and focus efforts. Without a structured approach, risk data can be overwhelming, making it difficult to act on effectively.

3. Identify Key Owners in Cyber Risk Management

Cybersecurity silos and overlapping risk management efforts can create confusion. Zach suggests using the IIA’s Three Lines Model to pinpoint risk owners—the people responsible for keeping critical business functions running. A simple test: “Who gets the call if that function stops working?” Clearly defining ownership ensures accountability and improves coordination between teams.

4. Map Cyber Risks in a Structured Manner

A Business Impact Analysis (BIA) is a valuable tool for mapping business-critical assets, data classification, and crown jewels to their business functions. Whether starting fresh or refining a mature approach, a structured mapping process helps prioritize and manage risk effectively. Organizations often struggle with scattered risk data—mapping risk in a structured format ensures it remains actionable and aligned with business priorities.

5. Build Consistency Through Quantification of  Cyber Risk

Zach recommends the FAIR standards to calculate loss ranges rather than single-point estimates. The precision should match the decision-making needs, ensuring a repeatable and consistent method for communicating cyber risk. By applying quantitative risk assessments, organizations can make informed investment decisions, balancing risk mitigation with business growth objectives.

6. Deliver Risk Data Tailored to the Audience

Cyber risk management should drive action. For leadership, provide a high-level view to support swift decision-making. For operational teams, deliver detailed, relevant insights that help them implement effective risk controls. Effective communication—filtering noise and tailoring messaging—can bridge gaps across teams and improve risk response. The more contextualized and role-specific the information, the better the risk mitigation outcomes.

7. Stay Proactive with Real-Time Risk Visibility 

Telemetry from cybersecurity tools and threat sources is essential for scaling risk quantification and continuous decision-making. It contextualizes data, enhances reporting, and creates a feedback loop for risk communication. Real-time visibility into risks allows organizations to respond proactively rather than reactively. Tabletop exercises further help businesses comply with regulatory requirements, such as declaring material incidents within strict timeframes, ensuring readiness for real-world scenarios.

Cyber risk management isn’t just about identifying threats—it’s about understanding their business impact and taking decisive action. Watch the full episode for more insights on mastering cyber risk management and driving meaningful security outcomes.

To learn how SAFE’s AI-led cyber risk management platform can empower you to stay ahead of enterprise and third-party cyber risks, schedule a demo with our cyber experts.