A global pharmaceutical company
40,000 employees; 70 global manufacturing sites
Commugen Cyber Security Risk Management
The company was looking to replace its legacy Cyber Risk Management solution. The Cyber GRC department issued detailed Proof-of-Concept requirements and approached leading global solution providers.
The company was looking for modern risk management software. Among the requirements were:
Best practices for risk calculation and aggregation (e.g. OWASP, CVSS)
Compliance control repository for regulations and standards (e.g. ISO 27001, NIST, GDPR)
BI capabilities to present relevant risk views to senior management
Flexibility in addressing future needs.
Commugen’s Cyber Security Risk Management ticked all the POC boxes, came with a reasonable price tag, and was by far the most flexible solution. Within 3 months of receiving the PO, the solution was up and running, an unusual feat that beat the expectations of the company’s CIO, CISO and the GRC team.
“The flexibility we have seen in the POC proved to be even better in practice. Just after going live, we decided to add a risk acceptance workflow. Do you know how much time it took to implement?
It took 2 hours! 2 hours!”
The solution's quick success and the emerging cyber risk visibility had other implications. Suddenly, business units and IT teams around the globe could see their cyber risks, and everybody wanted to get on board. It took 2 months from going live to upgrade a 50-seat license to 150, another 2 months to upgrade to 250, and at the 6-month mark the company moved to a site license to satisfy the global internal demand in 38 territories.
Today, Commugen’s Cyber Risk Management solution is part of the company’s daily IT life. The CISO can watch the up-to-date risk map and drill down to a specific territory, plant or asset.
The cyber risk score is also aggregated by business function. It informs the company’s VPs (finance, legal, HR, IT, R&D, etc.) of their cyber posture, and helps them understand what is being done to protect the assets that make their business run.
With that achieved in 6 months, the solution is expected to expand further, e.g. through integration with penetration test automation tools.