The Cybernance Platform – Target Industries
Cyber risk exists in some form in any organization with an internet connection and some important data. The Cybernance Platform is useful in any environment large enough to have risk, and has been particularly successful in a select handful of industries. Below are brief summaries of each, with case studies where available.
Cyber risk represents a large and growing opportunity for insurance brokers and carriers alike. The demand for both cyber and directors & officers (D&O) insurance is expanding rapidly. The insurance industry needs to assemble the knowledge, expertise, and tools that will help it capture this growing demand.
Cybernance sits at the intersection of the relationship between the insurer, the broker, and the insured. Our proprietary system helps brokers and their clients talk about cyber risk in terms of national standards, which helps insurance carriers feel more informed about the types of risk they’re underwriting.
Heavily regulated and a constant target for attackers, the financial services industry is awash in risks related to cybersecurity. Pressures to comply with regulators are often in conflict with (and compounded by) real-life cyber threats. The complexity of pursuing cyber resilience and regulatory compliance at the same time is confounding.
Cybernance delivers a central hub for discussions about risk, security, and compliance. Whether you are addressing concerns about NIST, FFIEC, PCI, ISO, or another standard, our Platform translates your capabilities into the language of the framework you choose. Now a CISO and a Compliance officer can sit down to address control structures using a common language.
Another heavily regulated industry with compounded risks, medical services providers have to worry about not only compliance and financial risks, but also the risk posed to human health and safety. Business managers in this industry need some way to reduce complexity so that they can create effective strategies with prioritized risks.
Cybernance helps medical institutions understand the HIPAA security rule in terms of NIST standards. The two standards are composed of the same fundamental priorities, but have been difficult to cross-translate. With Cybernance, CISOs and Counsel can address the common points of their specific concerns about security and compliance.
The risk of a cyber attack on critical infrastructure – electricity, water, gas – is mounting. Energy and utility providers are under increasing pressure to comply with regulations, and to ensure the robustness of their systems. Leaders need ways to engage with their subordinates and their peers to ensure the resilience of our tightly linked infrastructure.
The Department of Energy uses Cybernance to assess and remediate cybersecurity risks at electric, wastewater, and gas utilities across the US. Our model and workflow give a quick assessment of a complex environment that mixes IT and OT, and helps leaders make decisions about where to focus remediation efforts.
Mission-driven organizations are often overweight on risk and underweight on resources. Limited resources tend to go toward executing on the core mission and maintaining a minimum of staff. Technology investment is a nice-to-have; security is a far-off consideration. Non-profit leaders need to understand their risks relative to cyber threats, and work to prioritize them based on their capabilities.
Cybernance offers these organizations and their boards a quick and affordable way to quantify and report these risks, which are often addressable with adjustments to policy or procedure – not technology investment. Many small victories can be achieved by only investing a little bit of time, sparing financial resources for the core mission.
Colleges and universities have a unique challenge not replicated in most business environments: users (students and faculty) are distributed and difficult to compel. Access controls are intentionally relaxed, and the default for information sharing is “unrestricted”. Within these cultural constraints, administrators must ensure the safety and privacy of users and the integrity of the system as a whole. They need to understand how to assess and prioritize risks and controls, so that they can create the desired balance of openness and resilience.
Cybernance helps to create a bridge between the CISO and the administrative functions within the institution. By enabling each to understand their institution’s capabilities relative to national standards, the Platform creates a forum where they can have productive conversations about how to handle their specific risks.