Elon Kaplan, President & CEOInvesting in security measures has proven to be a gamble from a financial and risk standpoint. CIOs are under pressure to maintain firms' safety amidst the spiraling occurrence of events. Some common scenarios they face include advanced threats, new emerging technologies, evolving regulatory mandates, cyber insurance norms, and the board's demands concerning budget restrictions and ROI. Organizations' survival is managed with cyber risk prevention measures in place, while still optimizing expenditures. Regardless, trying to minimize all risks across the board from a security perspective negatively affects the bottom-line.
“The cyber risk landscape is very uneven from a cost of investment to cost of attacks perspective,” states Elon Kaplan, President and CEO of Cytegic, an end-to-end, automated cyber risk management platform based in Israel. Powered by patented analytics engines, the company’s ‘Automated Cyber Risk Officer (ACRO)’ platform assesses and simulates the threat landscape and defensive posture. The solution enlightens business owners and board members with a holistic picture of their company’s stance on cyber risk. The analysis results of ACRO can help business owners effectively reduce risk and plan along the complex crossroads of cyber solutions and threats. ACRO quantifies cyber risks and measures it from a financial and value proposition standpoint. In turn, organizations can effectively implement a cyber security strategy and maximize ROI by investing in the appropriate resources.
ACRO leverages three integral components to generate a regulatory compliant, comprehensive and visually enticing cyber risk profile for any organization. Helping clients stay synchronized with the latest cyber risk landscape, the Dynamic Trend Analysis (DyTA) collects, correlates and ranks cyber security threats. The Control Maturity Assessment (CyMA) component evaluates the organization’s existing security control relating to maturity and performance. Additionally, CyMA offers robust data collection using technology and manpower resources pertaining to regulations and other requirements. The Cyber Decision Support System (CDSS) integrates all sources to empower organizations with a full vertical view of risk profiles across each business unit within an organization.
Our ‘Automated Cyber Risk Officer (ACRO)’ platform enlightens board members with a holistic picture on their company’s stance on cyber risk
ACRO provides a valuable, tangible, and user friendly cloud-based or on premise platform that caters to customers' needs. The solution centralizes and streamlines all resources, planning, and tracks value and financial impact. With multi-standard reporting capabilities, an organization can quickly identify their stance with regards to mandates such as NIST, ISO, HIPAA, PCI-DSS and various other frameworks.
A typical security vs. business decision dilemma of one of Cytegic’s clients substantiates ACRO’s capabilities. A midsized bank was struggling to determine whether to opt-in for an on-premise CRM or a cloud-based offering. Using ACRO, the bank’s CISO was able to simulate the risk profiles of both options, yielding the decision to opt-in for a cloud-based solution. With the use of ACRO, another European Cytegic client in the financial arena identified that their overall cyber risk would not be impacted by the three-year plan they had in place. This conclusion alone saved them millions of Euros in cyber security expenses.
Cytegic is currently adding GDPR—one of EU's most influential standards—into their multi-standard offering. Cytegic is also creating an AI layer of budget optimization for remediation planning that can build alternative plans based on the customer's needs. “The statistics and the comparative analysis that is deployed in the system are based on very sound, scientific research. My experience as a former professor of psychology had me involved in building predictive systems for complex organizations. The ACRO platform is an open box that enables the end user to fine tune it to their own methodologies and needs and knowledge,” concludes Kaplan.