ROI Case Studies

Discover the ROI of cyber risk quantification in the following case studies. Our customers preserve business value by understanding loss exposure in financial terms; maximize risk reduction by prioritizing risk mitigations based on financial impact; rightsize cybersecurity investments by assessing the adequacy of security budgets; and reduce cyber risk by optimizing cyber insurance coverage.




Learning Institution Assesses Best Architecture To Secure Cloud App

A learning institution used the RiskLens platform to assess the best architecture to secure a cloud application.

The purpose of the analysis was to understand the risk associated with different security encryption strategies related to cloud data. 



Industrial Company Assesses Ransomware Threat

A major industrial company used the RiskLens platform to assess the threat of ransomware.

The purpose of the analysis was to inform management of the significance of an emerging risk, such as ransomware:

  • Threats to employee workstations and shared drives
  • The impact on operations

If access privileges were improved relative to shared drives only, the average loss exposure would be reduced significantly. 

Download the Case Study Presentation






Fortune 100 Performs Cost-Benefit Analysis of Implementing Encryption of Data at Rest

A Fortune 100 Financial Services firm was trying to assess if/how to utilize encryption to protect customer personally identifiable information (PII) stored in databases of different sizes. Data encryption solutions can be very expensive and a cost-benefit analysis was conducted to determine if it was an economically viable data protection solution.

They were able to make a cost-effective, risk-based decision regarding when encryption is required, when it is recommended, and when it is OK not to encrypt.

Download the Case Study Presentation



Large Manufacturing Firm Assesses the Cost-Benefit of an Improved Patching Window

A large manufacturing firm had to react to an audit finding that uncovered that the patching of a critical enterprise platform was typically happening after 6 months of a patch release, versus the 3 months stated in the their security policy. 

Conducting a quantifiable before/after risk analysis to evaluate by how much the application upgrade and the shorter patch window could reduce risk compared to the associated cost resolved the stalemate between the auditors and IT. Armed with the risk reduction and cost data, management was able to make an informed decision on the best course of action to take. 

Download the Case Study Presentation




Large Financial Firm Justifies Security Investment with Risk Quantification Using RiskLens

A leading financial services firm with $2B in revenue and over 3,000 employee workstations has tracked increases in the number of malware incidents over the past year. They have identified a leading vendor service that they believe can help them address this growing issue. However, security management is often challenged by the business when justifying the value of larger security investments using current risk ratings based on a qualitative scale of High, Medium, Low or 1-1000. Security needed to start communicating cyber security risk in financial terms (i.e. dollars and cents).

Download the Case Study





Large Healthcare Provider Assesses the Efficacy of Anti-Phishing Training

A Fortune 100 healthcare provider was trying to assess if email phishing awareness training could reduce the risk associated with spear and regular phishing. It was not clear whether training was the most effective means to reduce phishing risk versus alternative controls.

They were able to determine that training would only marginally reduce risk and that alternative risk mitigations would be preferrable. 

Download the Case Study Presentation