Working with the Security and Risk functions of a client, we defined a series of security risk appetite statements with varying degrees of criticality. For example: “We have zero appetite for customer detriment due to cyber risk.” This statement enabled the team to design metrics such as the number of databases containing customer personal information which are not protected by encryption technology.
ThreeTwoFour turned the detailed metric set into project requirements for embedding into the change process. The higher level metrics were reported to the Board as a single dashboard.
Over time, senior management was able to see the progress towards improving their control over pre-defined areas of cyber risk, without getting lost in technical detail.
The risk to clients that fail to secure their systems are significant with security breaches leading to commercial, reputational, regulatory and legal penalties. Whatever your high risk and urgent cyber security concerns, our experts will ensure you achieve the successful outcome you need.