Home / Case Study: Accept Risk

Case Study: Decision to Accept Risk

The Client

Our client is a provider of governance, knowledge, and consulting expertise to 3,500 security and safety agencies.

The Challenge

A legacy production system was discovered to have a 3rd party provided web content management component found to be critically vulnerable. The client could not simply turn off the production system with no viable alternative in place.

The Decision

Formally recorded a risk decision to acknowledge the risk as identified and accepted. Further decisions were made to put compensating controls in place to protect the environment (air gapping / isolating the VLAN).

Long term remediation plans were made to replace the environment with a new solution that provides acceptable security posture.

The Results

Evidence of due care and not being negligent will protect fiduciary leadership as well as company reputation. In case of a future cyber incident against this legacy system, recorded cyber risk management actions and decisions will demonstrate proper protocol and reduce any reputational impact as well as the potential size of post-investigation fines and judgments.

About Maxxsure

Maxxsure offers the most comprehensive cyber risk quantification solution that establishes the foundation by which organizations can make data-driven and financially-vetted determinations as to how much risk to remediate, accept, or transfer via insurance policy adoption.

Maxxsure collects data from your organization and trusted third party resources, uses a robust model to compute your cyber risk -- your M-Score -- and communicates the factors that influence your score. We enable continuous monitoring and provide the most precise estimates of financial loss potential. This reporting equips your team to prioritize cyber initiatives that address your situation as it evolves.

Schedule A Conversation