top of page

Customer Case Study


A global pharmaceutical company


40,000 employees; 70 global manufacturing sites


Commugen Cyber Security Risk Management


The company was looking to replace its legacy Cyber Risk Management solution. The  Cyber GRC department issued detailed Proof-of-Concept requirements and approached leading global solution providers. 


The company was looking for a modern risk management software. Among the  requirements were:

  • Best practices for risk calculation and aggregation
    (e.g. OWASP, CVSS) 

  • Compliance control repository for regulations and standards
    (e.g. ISO 27001,  NIST, GDPR) 

  • BI capabilities to present relevant risk views to senior management

  • Modern UX 

  • Flexibility in addressing future needs.


Commugen’s Cyber Security Risk Management ticked all the POC boxes, came with a  reasonable price tag, and was by far the most flexible solution. Within 3 months of receiving the PO, the solution was up and running. An unusual feat that beat the  expectations of the company’s CIO, CISO and the GRC team.

“The flexibility we have seen in the POC proved to be even better in practice.  Just after going live, we decided to add risk acceptance workflow.  Do you know how much time it took to implement?  
It took 2 hours! 2 hours!”

The solution quick success and the emerging cyber risk visibility had other implications. Suddenly, business units and IT teams around the globe could see their  cyber risks. Everybody wanted to get on board. It took 2 months from going live to  upgrade a 50-seat license to 150. Another 2 months to upgrade to 250, and at the 6  months mark to go for a site license to satisfy the global internal demand in 38 territories.


Today, Commugen’s Cyber Risk Management solution is part of the company’s IT  daily life. The CISO can watch the up-to-date risk map, and drill-down to specific  territory, plant or asset. 

The cyber risk score is also aggregated by business function. It informs the company’s  VP’s - finance, legal, HR, IT, R&D etc. - of their cyber posture, and helps them  understand what is being done to protect the assets that make their business run. 

With that achieved in 6 months, the solution is expected to expand further e.g., for  integration with Penetration Test automation tools.

bottom of page