We recently spoke with the Chief Security Officer (CSO) at a world-leading mobile computing company to find out how they are using X-Analytics to elevate their cybersecurity frameworks and bring clarity to their program, without having to take on any additional “burden”.
They are a major global mobile computing company with nearly $5B in annual sales. Despite not being sold in retail stores, their devices are used across a wide variety of industries from distribution, retail, hospitality, banking and even health care.
The CSO has been with the company for the past 6 years. When they joined the business, it was in the early stages of its cybersecurity journey. They had adopted the NIST (National Institute of Standards and Technology) CSF framework and CIS’s (Center for Internet Security) risk matrix to manage their cyber risk.
As they developed their cybersecurity program, they knew they wanted to improve the program,” but working out where to invest next was a challenge. On top of making sure they were investing in the right areas, they wanted to “find a way to take that next step without it being such a burden on the business.”
When they previously tried other methods to quantify risk and optimize decision-making, like the FAIR (Factor Analysis of Information Risk) method, instead of assisting him, he found it cumbersome, too hard and heavy. The CSO said, “The energy put into it – the juice wasn’t worth the squeeze.” He wanted something lighter weight and easier to operationalize than FAIR.
Since deciding that X-Analytics was the cyber risk management solution they needed, they have been a long-time customer of X-Analytics, joining the X-Analytics journey in the early prototype phases of the product. They were instrumental in helping develop X-Analytics from an early-stage model into the fully developed solution we offer today.
But what made them want to come on the journey with X-Analytics?
At the time they were looking for a solution to enhance their cybersecurity program, The National Association of Corporate Directors (NACD) was highlighting the importance of cyber risk quantification – and their support for X-Analytics – so they decided to check it out.
They said, even in the early prototype days, they were impressed. There were only two concerns, which X-Analytics successfully addressed and answered: How hard is it to get the decision [on what we should prioritize], and how credible is the advice? Assured that X-Analytics would effectively bolster their cybersecurity efforts, they decided to become a customer.
We asked the CSO about his experience getting started with X-Analytics and the benefits they’ve seen since he started using it. Here’s what they said:
“I really have to admit it was quite easy. I just encourage people to take that step. Try it out. I think you will be impressed that it gives you another lens with which to view your program and communicate your program. [It helps] answer those questions: Are we doing enough? What would you spend your next dollar on? Are we over invested? It really helps add some credibility to those answers.”
Since working with X-Analytics, they have been able to: