Cyber security risk assessments take multiple staff members time to complete. Even once that time has been accounted for (usually with HR, Operations, IT and Legal involved) you still need someone to manage the results. You’ll often have remediation work for the IT team, remediation work for HR, and need someone to oversee those actions are complete. Then you need someone to confirm the new controls are followed, ensuring governance of these cybersecurity updates.
For most firms, what started out as a simple point-in-time questionnaire becomes a complex business process. Calling the eventual system an “assessment” doesn’t give it the justice it deserves.
A new approach
That’s why Drawbridge is introducing a whole new way of managing your business cyber risk.
Our new Cyber Risk Intelligence model brings real-time, live data from your environment, from your reports, from your administration teams, and confirms – not only are your cyber risk controls in place according to a WISP or Cyber Risk Assessment response – but that they are being performed.
A.I. takes what you give it and generates a response based on that information. While speed might have improved, if the data you feed it is the same handwritten responses to a DDQ or CRA, you are getting the same static information passed down year on year. Smarter input means smarter output.
Drawbridge Crosscheck automatic verification reviews aren’t just reading your WISP and ticking a questionnaire box, they are actively verifying the actions performed on your technology and by your team. Drawbridge has developed a manual static cyber risk assessment, one that relied entirely on “trust”, taken it beyond a laborious “…but verify” process – and elevated it to “Trust by Verify”.
Imagine your WISP states that everyone has mandatory MFA. Now Drawbridge Cyber Risk Intelligence will check 365. Perhaps it finds someone requested a temporary exemption that wasn’t lifted. By verifying your teams’ actions, your governance is not only more efficient, its highly accurate too.
We even take the groundwork out of completing your initial cyber risk assessment, with up to 50% of tracked controls automatically populated at the outset. Our time to launch is faster than ever before.
But cyber security is subtle, there is context to consider – finding risks is one thing, assigning criticality is another. Back to our initial point: the data into AI is only as good as you make it, and AI does not circumvent a one-on-one conversation between Drawbridge, our clients and your important service providers. Our highly skilled professional cyber experts will tune your risks to your business, whether discovered in your policies, your technology platforms, or with your vendors; we build the risk priorities and classifications together and allow both Drawbridge staff and systems to guide your governance.
