GLOBAL HEALTHCARE COMPANY CAN NOW QUANTIFY ITS CYBER RISK TO STRATEGIZE INVESTMENT ON RISK TREATMENT

Industry: Healthcare and Life Sciences
Solution Type: Cyber Risk Quantification
Needs: The client’s existing IT Security team was limited in risk quantification capabilities and needed assistance to understand the magnitude and probability of financial loss associated with healthcare data in non-production systems. The client has been engaged with TUV Rheinland OpenSky in developing and maintaining the risk register and associated risk statements. Methodologies based solely on compliance frameworks fall short of providing threat-based information to drive meaningful risk management decisions.

Support
POC: Our team and the client's risk management team worked together on a pilot assessment focusing on 1 developed risk scenario from the risk register developed by TUV Rheinland OpenSky in accordance with ISO 31000 processes.
Model Risk Quantification: A deep-dive analysis was conducted, with additional interviews and management consensus in whiteboard sessions, to gather information and quantify the risk. Values and calculations were entered using the FAIR analysis methodology and a risk quantification tool platform, with subsequent calibration.
At the end of the day
The TUV Rheinland OpenSky team was able to educate the client’s CISO team to model the risk through a collaborative approach. The deliverable was an annualized financial loss expectancy which they can use to justify and shape investments or adjust risk transfer / avoidance strategies. A roadmap to expand their ability to do financial modeling was also delivered with follow-ups in threat integration and GRC integration.

Company Profile:

Fortune 500 pharmaceutical and health technology company. Market leader in pharmaceutical distribution with global operations.

