Cyber Risk Profile Diagnostic

Willis Towers Watson’s Cyber Risk Profile Diagnostic (CRPD) helps organizations identify and analyze their cyber risks and vulnerabilities by measuring their current cyber resilience against either the U.S. National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) or International Organization for Standardization Standard 27001.

Cyber risk is evolving, growing more complex and virulent. To adequately assess their security posture, organizations must consider the full spectrum of their cybersecurity program. And this extends beyond technology.

More than half of all cyber incidents begin with employees, so cyber risk is a people problem. And the average breach costs $4 million, so it’s a capital problem, too.

With expertise in human capital solutions, risk advisory and broking, Willis Towers Watson is able to take a multidisciplinary but integrated approach to help you manage cyber vulnerabilities.

Know your cyber threats

Willis Towers Watson’s Cyber Risk Profile Diagnostic (CRPD) provides an approach for baselining cybersecurity that delivers a customized, enterprise-level perspective into the cyber-related threats to your business. CRPD clarifies how those threats could affect your ability to conduct day-to-day operations and identifies ways to protect the bottom line. Furthermore, it highlights the investments that best mitigate threats, prioritized by impact.

Leveraging established cybersecurity frameworks and international standards, the CRPD:

  • Delivers a board-level understanding of your overall security posture that assesses the potential operational, regulatory and reputational impacts from a set of relevant cyber scenarios
  • Includes a user-friendly online data collection platform that enables delegation of key cyber risk management questions to appropriate stakeholders
  • Offers detailed insights into your cybersecurity strengths and weaknesses
  • Tailors specific recommendations for cybersecurity improvement and prioritizes them by greatest security impact
  • Supports easy communication with the board of directors, C-suite executives, and other stakeholders
  • Provides a platform to evaluate third-party risk or conduct due diligence for a significant transaction

5 ways the Cyber Risk Profile Diagnostic (CRPD) creates value

  1. Provides a foundation for the evaluation of your cybersecurity capabilities
  2. Identifies key cyber risks and vulnerabilities in a detailed cyber risk register
  3. Integrates with other Willis Towers Watson analytics tools to provide an accurate input of security posture
  4. Improves the assessment of your cyber loss potential and decision support to optimize your cyber risk transfer strategy
  5. Helps prioritize cybersecurity investments to ensure they have the greatest impact on risk mitigation

How CRPD works

The CRPD can be delivered as a self-administered online assessment providing a high-level view of your (or third parties’) current maturity against NIST CSF and ISO “gold standards.”

For a more in-depth assessment, the CRPD platform serves as the foundation for a consultative workshop. Based on the framework assessment data collected, a Willis Towers Watson consultant customizes a workshop using a variety of techniques that involve key stakeholders across the business.

Risk assessment overview

Obtain an overview of controls posture and control improvement recommendations by ISO 27001 or NIST domain.

This engagement provides an inventory of your organization’s major cyber risks and an understanding of their impact to the business, ultimately resulting in decision support for effective capital allocation and mitigation strategies.

Results of mitigation strategies

Build an optimal controls improvement plan.

How confident are you in your cyber risk strategy?

According to the 2017 Willis Towers Watson Cyber Risk Survey, few employees have adopted or articulated a cyber risk strategy with stated objectives and goals for each program.

This stems from a lack of clear business strategy on cyber, ineffective structure and processes and insufficient leadership engagement.
