Ariel Evans, CEO85 percent of a company’s value is a digital asset. Cyber risk is now perceived as the second largest business risk, however cyber risk is complex, and most companies rely simply on qualitative metrics. Aon recently reported that cyber events now rank among the top three triggers for D&O derivative actions. Couple this with the new General Data Protection Regulation (GDPR) that has fines of €20m or 4 percent of annual revenue and cyber is now officially a business issue that must be managed by the board of directors. However, most companies still see it as an IT issue and adopt a reactive approach to cyber by layering on more cyber point solutions without understanding their effectiveness and which assets they actually protect or how well. Cyber risk must be quantified to have an effective strategy. Quantifying cyber risk can demonstrate how much insurance to buy, budget needed, and the prioritization of cyber remediation based on the highest impacts to the business. InnoSec, a cyber risk quantification pioneer, is set to address these impediments. The software is a holistic cyber security solution that utilizes a proprietary risk engine to quantify cyber risk in terms of reputational, operational, legal and financial impacts at the virtual asset level and provides a management platform that is a set of dashboards, reports, and workflows for each stakeholder that centralizes all the cyber security activities including risk, vulnerability, compliance, audit, budget, project/ task and vendor management resulting in a significant ROI. “We help clients understand cyber exposures and define an effective cyber security strategy that improves their cyber resiliency,” remarks Ariel Evans, CEO, InnoSec.
InnoSec's cybersecurity risk management solution, STORM first inventories a client’s virtual assets and runs machine learning algorithms to verify the quality of the data, quantifies their risk and provides near real time data when a cyber finding raises risk above acceptable levels. Once understood, immediate action can be orchestrated in STORM to lower risk back down to the acceptable level. It harnesses security data from any security tool. STORM’s cyber risk engine quantifies cyber exposures in terms of business interruption, data exfiltration and regulatory loss – all metrics that cyber insurance companies will pay for in the event of a breach.
We transform clients in cyber victors rather than cyber victims by enabling the most cyber resilient strategy possible
For instance, in the case of Equifax, InnoSec would have alerted key stakeholders that the breach of that system would not be isolation but would impact a crown jewel system and recommend that the patch management be aligned appropriately to reduce the risk. The solution can determine a gamut of exposures that result from all threat vectors. STORM provides transparency, thought leadership and near real time internal risk metrics and puts firms ahead of cyber.
With its holistic solution, InnoSec has turned corners for numerous companies. For instance, a multinational service provider with operations in Europe and the U.S. had to define a cybersecurity strategy and its effectiveness to the board. After deploying InnoSec's STORM, the client could easily integrate cyber security tool data from various sources and immediately show where risk was too high and quickly move to lower it to acceptable levels. The client lowered their cyber risk by over 30% in the first year.
While InnoSec continues to resolve the intricacies and challenges in enterprise risk management arena, the company aims to grow its footprint globally and help clients with its innovative technology. Today, InnoSec’s clientele includes IBM, Amdocs, Bank of Jerusalem and others in defense, retail, banking, pharma and hi-tech. “We firmly believe that every organization regardless of its size must utilize cyber risk management technology that provides a clear line of sight on the business risk. We offer them both," concludes Ariel.