Cyber attacks are a way of life, and not just for the largest companies. In a recent study of mid-to-small sized companies in the U.S., 80% reported at least one security incident last year, yet “a stunning 55% reported having no regular access to any IT security experts, either internal or third party”. The study went on to say that within the IT departments of these same companies, 67% reported having no security certifications. When it comes to cybersecurity, middle market companies are almost on their own.
That’s not acceptable, which is why we founded Cyber Risk Opportunities. Our mission is to enable middle-market executives to become more proficient cyber-risk managers. We decided to help middle-market executives manage their cybersecurity risks in the same deliberative way they manage every other aspect of their businesses.
And that’s the point.
Founded by Kip Boyle (USAF-Rt.), a nationally recognized analyst, lecturer and thought-leader in cyber risks, the vision behind Cyber Risk Opportunities is to help middle-market companies thrive online.
Kip realized that middle-market companies need the same rigorous management practices that he developed as Chief Information Security Officer (CISO) for much larger companies. The problem was that cybersecurity best practices and recognized standards are highly technical and understood primarily by those with highly specialized IT certifications. He saw the need for a customizable, yet scalable, management program that would translate these best practices and standards into an actionable and holistic management program suitable for middle-market companies
Kip also noticed throughout his career that IT professionals in middle-market companies struggle to communicate effectively with business people. Similarly, he noted that business people at times fail to understand the importance of the issues raised by their IT team members. So an effective management program would need to include a systematic business value analysis that helped executives understand the return they were getting for their investment.
Kip observed that effective management seeks continuous improvement through an iterative and highly collaborative effort. He learned over the years that the highest-functioning teams were cross-functional and focused on very specific high-priority objectives. So a high-functioning management program would need to systematically set mitigation priorities in a highly iterative and collaborative way.
Kip noticed that many executives are highly visual, so he learned to communicate a tremendous amount of data using visual tools. Knowing that the average time span executives give to a single subject is under three minutes at a time, Kip would need to summarize highly technical information into readily consumable scorecards and use other visual reporting tools. The visual reporting system improves communication and therefore increases understanding of the state of a company’s cybersecurity management program.
Finally, Kip correctly saw that executives and IT professionals face a dizzying array of consulting services, software and hardware products and cloud-based solutions, all claiming to be the ‘be-all-end-all’ protection against cyber attacks. The world didn’t need another typical consulting company. Kip wanted to be the advocate for middle-market companies- helping them build their understanding of how these disparate products and services might best be deployed to protect themselves. So, the entire Cyber Risk Opportunities offering would need to be designed to ensure the result of the management program was advocacy. Advocacy for the customers.
Cyber Risk Opportunities Managed Programs™
Thus was born the concept of the Cyber Risk Opportunities Managed Programs – a comprehensive management program for middle-market companies that:
Translates Best Practices and Standards into a holistic management program;
Analyses and reports the Business Value derived by mitigation steps;
Builds collaboration between executives, their IT organization and their strategic vendors;
Provides highly effective visual reporting tools;
Provides on-going advocacy; and
Does all this at an effective price.