Secure Systems Innovation Corporation (SSIC): Facilitating Informed Cyber Risk Decisions

Robert Vescio, Managing Director, Cyber Risk Services, Secure Systems Innovation CorporationRobert Vescio, Managing Director, Cyber Risk Services
The ever-growing need for cyber risk solutions across a multitude of industries in such a fast-paced world provides Secure Systems Innovation Corporation with a front row ticket in the cyber arena. Challenging traditional market concepts, the company empowers customers to make informed cyber risk decisions. “We want to break the status quo,’’ asserts Robert Vescio, Managing Director of the company’s Cyber Risk Services.

US-based SSIC, with an Americas office in São Paolo, Brazil, focuses on making sure their customers, “Have the ability and the need to quantify risk in an objective, scientific and meaningful way with their risk output,” Vescio connotes. “We want to make sure that our risk output is precise, concise, and easy to understand and ensures security, confidentiality and integrity for our customers.’’

More than often, CIOs tend to follow the hype around market trends, creating a major disconnect in the process of making informed cyber risk decisions. There is the idea of “plug-and-play” services floating around the market. However, Vescio points out that simply buying and installing a product will not draw its defense mechanisms out in a time of need, but additional analysis, tuning and calibration are required.

With the growing competition among security service providers, SSIC is shifting the industry focus from improving cybersecurity to focusing on cyber risk management and it boasts the services to lead the way. The company’s X-Analytics model is a patent-pending cyber risk methodology that measures and quantifies the threat likelihood, business impact tolerance and control effectiveness variables and transforms customer-specific data into easy to understand cyber risk executive summaries that illustrate financial risk conditions. Executives and directors can understand the financial impact of their organization’s cyber risk condition at a glance in order to make informed cyber risk decisions.

We want to make sure that all our risk outputs are objective, insightful, and empower our customers to make data-driven cyber risk decisions

“These risk outputs allow the customer to clearly see where they have low risk to severe risk. In addition to that, they allow the customer to understand the probability and cost of a breach, what the damages would potentially look like if they don’t do something, and which risks should be remediated, accepted or transferred,” explains Vescio.

In a scenario where remediation would cost $500,000 and breach damages around $1,000,000, that would be a no-brainer because the remediation would certainly pay off, but not necessarily vice versa. Vescio states that the monetary aspect of the model really helps the customer with decision making. “What is becoming more frequent is insurance companies wanting to leverage the X-Analytics model to improve their ability to underwrite cyber insurance.”

Furthermore, a more than often real world scenario finds CSOs and CIOs struggling to communicate the abundance of their risk-related data to their boards in a way that is easy to understand. “Where we come in is, we put all of that data together into an Executive Dashboard, and explain to the board of directors in a matter of five minutes,” elaborates Vescio. SSIC’s collaborative work ethic and dedication to decision making based on relevant data allows for monthly updates of the X-Analytics model, ensuring that the company always stays ahead of the curve among competitors.

Forging into the future, SSIC looks to expand the partnerships in Brazil and start some new ones in Central America, with Vescio hinting at a “slow, but smart” expansion plan to Europe. Part of being in the consulting and analytics business is that we want to listen to our customers clearly so that we understand how we need to evolve our products and services to meet their expectations,” concludes Vescio.