A brand new way to visualise risk - The Cyber Risk Engine Benchmarking and Evaluation tool

Setting the Scene

Organisations usually seek to understand the risks they face by undertaking maturity assessments. These help to assess their current readiness to meet emerging threats. But they can also help organisations identify the changes they need to make to improve their outlook, from promoting diversity and inclusion to increasing the digital capabilities of their workforce.

Historically, these assessments have been carried out on spreadsheets, with a lot of information and data sitting in people’s laptops. Our Risk Assurance team realised this unintuitive format didn’t appeal to clients, who found it difficult to understand the risks they were facing, or to engage with them in a meaningful way.

This got our team thinking.

Starting with cyber security, one of the fastest growing risks organisations are facing today, the team came up with the idea to create a platform that would enable us to hold all our maturity assessment data in one place. It would allow clients to visualise and explore insights, and support a move away from legacy ways of working. Excited by the prospect, our technology and innovation team worked with external specialists to build a tool that would enable us to bring this idea to life.

How can we help?

We have developed a cloud-based platform to help our clients assess risks more effectively and at a faster rate, while providing a visualisation of the current state of their organisation.

With new legislations such as the GFSC Cyber Security Rules and Guidance, Net Zero as well as the upcoming SWIFT Customer Security Programme (CSP), we believe that the Benchmarking and Evaluation tool will play a vital role in assisting our clients with their readiness.

The ability to have a 360-degree view of technology risk across your organisation is increasingly important; the impact of such risks can cover your supply chain, operational resilience, regulatory compliance, and crucially, stakeholder trust. The Benchmarking and Evaluation tool enables you to benchmark the profile of your risk maturity, in relation the applicable framework, against industry peers, provide insights for your Board and Audit Committees, and assist you in preparing a comprehensive roadmap for improvement in order to avoid risks from materialising.

Covering the end-to-end lifecycle from strategy and governance to design, implement, and operate, the Assessment is aligned to industry frameworks and regulatory good practice to help you best understand your risk exposure and assess your control design maturity. You are then able to reassess progress over time as your organisation continually evolves.

Whether you require a deep dive into specific areas of focus, are looking for insight to assist with Audit planning, or are undertaking a technology risk assessment for the first time, the Diagnostic process will be tailored to your needs. Detailed findings, industry benchmarking and ongoing interaction with key stakeholders throughout the process will support you to drive compliance activities into BAU.

As we continue to develop this tool, we’re keeping our clients front-of-mind by adapting its functions to their evolving needs. We expect it to bring enormous benefits to organisations of all sizes over the coming months and years by helping them transform their approach to navigating risk.

Making a difference

This tool aims to help our clients approach risk management with confidence and face challenges head on. It will help them predict, prepare, act and adapt to some of the most pressing issues facing them today.

In this financial year, we’ll be rolling this tool out across the PwC network, with the aim of creating a consistent global approach to maturity assessments and benchmarking.

We want to use this tool to make a positive impact on society. One of the ways we’re doing this is by allowing our clients to get a clear view of the cyber risk to their organisation. The tool’s cyber security frameworks allow organisations to quantify risks and assess the potential impact of different threat actor scenarios. This is helping organisations make informed decisions that keep their data and information safe in today’s complex and dynamic digital environment.