January 12, 2023
The company is a large logistics business with over £11 billion in yearly revenue. It operates mainly in the UK, with thousands of regional and local operational units. The main cybersecurity team is located in London, with additional information security professionals dispersed geographically to support operations. The company currently bases its security controls maturity on the NIST framework.
To understand its cyber risk exposure, the company currently uses ad-hoc simulations that involve intensive manual tasks and costly processes. These provide only a point-in-time snapshot of the company’s cyber risks and their business impact from a financial quantification perspective. The company wanted to assess a long-term alternative approach that would best support its initiatives to decrease its cyber risk exposure and, in turn, reduce its financial exposure in the future. Most importantly, it wanted to make sure that all of its data from GRC, attack surface, and other cybersecurity platforms was being used to better inform Kovrr’s platform about its cybersecurity posture.
The company was interested in eliminating the costly manual processes without compromising on accuracy. It was looking for a solution that would allow it to run the necessary simulations on demand, giving it a more efficient, scalable process. It was also looking for a solution that would augment the capabilities of its existing security team’s quantification initiatives.
The company began the process by running a full cyber risk quantification on the entire group. This was done using Kovrr’s Cyber-Sphere and internal data integrations with Microsoft, ServiceNow, and Panaseer. Each quantification run after the initial one considered a different integration, to see how the specific data imported affected the company’s financial exposure. This allowed the company to combine various views of risk from different aspects of its cybersecurity posture into one coherent output.
The CISO created a cohesive view of risk by applying a financial value to the data collected from various cybersecurity platforms. This initiative was warmly received by both the CIO and the CFO because it allowed them to better understand the risk from an operational perspective. The platform gave the CISO the ability to visualize the effectiveness of the group’s current cybersecurity program, assess the potential risk reduction of future cybersecurity investments, and form a solid risk transfer strategy. The use of this tool was essential in helping align stakeholders on a mutual view of risk across the organization.