Think Fast - Justify and Prioritize Cybersecurity Investment Decisions in an Hour

July 1, 2021  Taylor Maze

We get it - the to-do lists are long and the days are short. In a perfect world, you would love to do a quantitative analysis each time a budget or investment decision is required, but you rarely have the hours, days, or sometimes even weeks to dedicate to that effort. So, instead, you wind up sacrificing rigor and objectivity for efficiency. Sound familiar?

What if we could exponentially reduce the analysis time? What if we could look for patterns in data and estimation and use those to drive consistency and efficiency? What if we could complete a full cost-benefit analysis in an hour or less? Recently a large health care payer company was able to do just that with RiskLens.

Like many of you reading this, this team was experiencing resource constraints and had ongoing difficulty getting onto subject matter expert (SME) calendars. The team had a number of scenarios they needed to quantify, and they also needed to be able to identify and evaluate control alternatives if the risk exceeded their risk appetite.

Bottom Line: They needed an efficient, low-touch risk analysis method that did not sacrifice rigor or objectivity. Using the RiskLens platform, the team was able to successfully quantify a total of 4 current-state scenarios, each with a what-if control investment future state, with an average time spent per analysis of 1 – 2 hours.

The leadership team was more than pleased with the results. Through the efficient analysis process, the team was able to identify a control improvement alternative they had not previously considered, one capable of saving them hundreds of thousands of dollars per year for virtually no investment cost.

Controls comparison on the RiskLens platform

How the RiskLens Platform Accelerated Cyber Risk Analysis

RiskLens’ pattern-based frequency and magnitude Data Helpers were a key differentiator in driving the efficiency. The Data Helpers are pattern-driven, based on common attack vectors (such as a network foothold via phishing, which is the most common way of compromising an internal-facing system), and curated based on research from respected data sources (including Advisen, Verizon DBIR, and the Federal Reserve Economic Data (FRED)).

The use of these curated data libraries changes the risk quantification process from data collection to data selection, saving organizations hours previously spent tracking down estimations.

RiskLens’ vulnerability Data Helpers provided an added benefit to the security team – risk mitigation alternatives specific to the scope of the analysis. The Data Helpers are designed to consider different combinations of control types relevant to different scenarios. By reviewing the list, the team was able to identify which controls they were currently missing and rapidly evaluate the risk reduction they would provide if implemented – all guided by the RiskLens platform.

At the end of the engagement, the executive sponsor asked her team a difficult question – could you do this work yourself, without RiskLens consulting help? The answer was a resounding yes. The combination of carefully thought-out scenarios paired with industry data and curated Data Helpers made the process simple, efficient, and repeatable – giving the team confidence to use it again and again to enable risk-based decisions.