The Challenge
A healthcare company was unable to consistently measure cyber risk across its member companies and had difficulty accurately demonstrating the potential financial impact of a successful attack. The organization also struggled with subjective project prioritization that did not use risk impact analysis to drive decisions.
The project centered on achieving an aggregate view of the greatest financial cyber risks across all 40 member companies so that the chief information security officer (CISO) could effectively prioritize resources and have more impactful monetary discussions with the Board. The CISO also wanted to provide each member company with a snapshot of its greatest financial risks.
The Solution
Dataminr’s continuous control monitoring with risk quantification (CCM with RQ) capability provided the client with the ability to objectively evaluate risk as a portfolio across all member companies and prioritize resources based on return on investment and overall risk reduction.
The automated approach to cyber risk quantification and rapid time-to-value was critical in helping this small team operationalize risk analysis at scale.
The Outcome
By leveraging Dataminr’s cyber risk quantification, the CISO of the parent company gained greater visibility into the risk posture of dozens of independent operating companies and could rank them accordingly. The CISO also used these insights to understand which companies were performing well and which required additional attention, helping prioritize awareness efforts and resource allocation.
By enabling each independent company to visualize its greatest financial risks, the CISO was able to lead more data-driven discussions with the Board of Directors. The customer was able to:
Justify Security Investments Across an Enterprise Portfolio
- Compare and contrast investments and initiatives based on risk reduction
- Evaluate whether a proposed investment would deliver meaningful risk reduction
- Prioritize which investments to make, when, where, and how
Determine and Track Critical Assets
Help organizations identify, quantify, and track critical assets, including:
- Applications that house sensitive data such as PCI, PHI, and PII
- Applications critical to business operations and revenue generation
- Assets containing intellectual property or other forms of financial value
Prioritize Vulnerabilities by Financial Impact
- Understand the financial impact of Common Vulnerabilities and Exposures (CVEs)
- Connect technical vulnerabilities to business risk and financial outcomes
Dataminr’s Continuous Control Monitoring with Risk Quantification Capability
Validate control effectiveness with live telemetry and prioritize remediations in dollars—not assumptions or annual snapshots.
Learn More
