Summary:
The client had established the basics of a cyber risk management program (involving information classification, IT system assessments, and third-party risk assessments. The CISO wanted a pharma-tailored “value-at-risk” focused quantification methodology incorporating holistic pharma risks (not just loss of personal information and customer data). The Reveal Risk team brought in a deeply experienced life sciences team with over 80 years of combined expertise in pharma to tackle the challenge.
Outcomes:
- Pharma specific tailored quantification model using inputs from several best practice frameworks that allowed senior leadership to evaluate risks and areas for additional necessary investments
- Provided the ability to utilize internal and external assessments as inputs to drive decisions from quantifiable risk analysis
- Helped to unearth and clarify some misperceptions that some business areas “did not have much risk”
“The experience of working with the Reveal Risk team is refreshing. The whole engagement right from initial scoping, attention to details in planning, listening to our feedback during execution, and ensuring that the project is on the right track. I was especially struck by the efficiency of the engagement end-to-end with a high-quality outcome. I would not hesitate to work with you and your team again for complex and demanding InfoSec projects in a global environment like ours. Well done to your entire team.”
Chief Information Security Officer
Ireland-based Pharmaceutical Company
