Cyber risk profile diagnostic

Assess: Cyber risk profile diagnostic

Cyber risk is evolving and more complex than ever. Many organizations may inadequately assess their security posture because they do not consider the full spectrum of their company’s cybersecurity outside of technology. Willis Towers Watson decodes this complexity through a fully integrated, holistic plan for managing people, capital and technology risks across your enterprise.

Effective cyber business strategy increasingly requires a formal structure and processes backed by an engaged leadership team. Many companies have work to do.

How confident are you in your cyber risk strategy?

According to the 2017 Willis Towers Watson Cyber Risk Survey, few employers have adopted or articulated a cyber risk strategy with stated objectives and goals for each program.

Only 11% of employers have a cyber risk strategy; only 3% expect to within 3 years

This stems from a lack of a clear business strategy on cyber, ineffective structure and processes, and insufficient leadership engagement.

Cyber Risk Profile Diagnostic

Willis Towers Watson’s Cyber Risk Profile Diagnostic (CRPD) helps organizations identify and analyze their cyber risks, exposures, and vulnerabilities by measuring their current cyber resilience against either the U.S. National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) or International Organization for Standardization Standard 27001 (ISO). CRPD provides an approach for baselining cybersecurity that delivers a customized, enterprise-level perspective into the cyber-related threats that exist in and around a business. CRPD clarifies how those threats could affect an organization’s ability to conduct its day-to-day operations and ways to protect the bottom line. Furthermore, it highlights investments to best mitigate threats, prioritized by impact.

Leveraging these cybersecurity frameworks and international standards, the CRPD:

  • Delivers a board-level understanding of an organization’s overall cybersecurity posture that assesses the potential operational, regulatory, and reputational impacts from a set of relevant cyber scenarios
  • Includes a user-friendly online data collection platform that enables delegation of key cyber risk management questions to appropriate stakeholders
  • Offers detailed insights into an organization’s cybersecurity strengths and weaknesses
  • Tailors specific recommendations for cybersecurity improvement and prioritizes them by greatest security impact
  • Supports easy communication with the Board, C-Suite executives, and other stakeholders
  • Provides a platform to evaluate third-party risk or conduct due diligence for a significant transaction

Figure 1. Risk overview

Obtain an overview of controls posture and control improvement recommendations by ISO27001 or NIST domain.

How the Cyber Risk Profile Diagnostic (CRPD) creates value:

  • Provides a foundation for the evaluation of your cybersecurity capabilities
  • Identifies key cyber risks and vulnerabilities in a detailed cyber risk register
  • CRPD output integrates with Willis Towers Watson’s proprietary analytics tool, Cyber Quantified, providing an accurate input of security posture. This improves the assessment of your cyber loss potential and decision support to optimize your cyber risk transfer strategy
  • Helps prioritize cybersecurity investments to ensure they have the greatest impact on risk mitigation

Deployment Options

The CRPD can be delivered as a self-administered online assessment providing a high-level view of your (or third parties’) current maturity against NIST CSF and ISO “gold standards.”

For a more in-depth assessment, the CRPD platform serves as the foundation for a consultative workshop. Based on the framework assessment data collected, a Willis Towers Watson consultant customizes a workshop that uses a variety of techniques and involves key stakeholders from across the business. This engagement provides an inventory of your organization’s major cyber risks and an understanding of their impact on the business, ultimately resulting in decision support for effective capital allocation and mitigation strategies.

The CRPD platform and process can also be tailored to address specific cybersecurity concerns.

Figure 2. Heat Map

Build an optimal controls improvement plan.

Why Willis Towers Watson?

More than half of all cyber incidents begin with employees, so it’s a people problem. And the average breach costs $4 million, so it’s a capital problem, too. No one decodes this complexity better than Willis Towers Watson. As a global leader in human capital solutions, risk advisory and broking, we are well prepared to assess your cyber vulnerabilities, protect you through best-in-class solutions and radically improve your ability to successfully recover from future attacks. Explore comprehensive cybersecurity solutions at willistowerswatson.com/cyber.