
Alternative Thinking around Cyber Security Research

Our research activities are entirely driven by the desire to look beyond the technical horizon into strategy, organisation, governance, corporate culture and the real dynamics of large organisations to deliver real long term protection and value.

We are passionate about listening to our Clients and solving real-life problems. We strive to do the right things and push our Clients to do the right things. We are driven by the desire to see each Client and the Security Industry at large progress over the mid- to long-term.

We always look for contrarian angles to analyse situations and solve problems, and place cross-silo thinking at the core of everything we do, in a constant fight against industry inertia and the attitude that consists of defaulting to ready-made solutions.

This is the alternative spirit you are going to find in these pages, in our blog, articles and whitepapers.

Different ideas to tackle old problems or shake up the status-quo.

Looking beyond the technical horizon into strategy, organisation, governance, corporate culture and the real dynamics of large organisations to deliver real long term protection and value.

Since 2017, most of our white papers and research reports are produced in collaboration with The Security Transformation Research Foundation, a dedicated think-tank and research body aimed at approaching Security problems differently and producing innovative and challenging research ideas in the Security, Business Protection, Risk and Controls space.

They can be found here on their website.

Other material is available to download below.




Building Meaningful, Data-driven Decisions around Risk

Over the past 20 years, Corix Partners and the consultants in its network have been assisting large firms in building effective risk management models.

All too often, we come across situations where those have been built around qualitative perceptions, leading to a large number of meaningless “risks” being handled through “ivory-towered” risk registers in complete isolation from the reality of the business, the threats it faces, or the protective measures that are – or are not – in place.

We believe that Risk can be managed only through the sound understanding of the threats the business is facing, the assets it needs to protect and the level of protection it can afford for those assets.

We have developed a structured, quantitative, data-driven approach rooted in the reality of each asset – its nature, its criticality to the Business and its actual level of protection against Threats – to assist business stakeholders in making actionable decisions around Risk Treatment.

Click here to download our white paper, offering highlights of our approach





The Cyber Security Skills Gap: Real Problem or Self-inflicted Pain?

You don’t have to go far these days to find security professionals complaining about skills shortages, and countless media outlets relaying their views.

But there are at least two sides to this argument and the situation requires a more balanced approach. The security industry needs to rebuild its narrative to attract more raw talent at all levels.

Click here to download our white paper, offering 3 lines of actions for CISOs, senior management and HR teams.





The Way Forward with Cyber Security Target Operating Models

A Plan of Approach for Senior Executives

Many large organisations across all industries face the same challenges around cybersecurity and privacy: Growing regulatory demands, compounded by escalating cyber threats and skills shortages, and a business landscape dominated by the COVID pandemic and its aftermath.

Very often, their cyber security operating model has simply grown organically over the years and needs re-engineering or re-structuring:

  • to bring it in line with evolving regulatory frameworks;
  • to align it with industry best practices in terms of three lines of defence and risk management;
  • and fundamentally, to give senior executives assurance that their business remains adequately protected from cyber threats across people, process and technology levels.

So what are the best ways to move forward with a cyber security operating model re-engineering programme?

Click here to download our white paper.




Building a Vendor Risk Management Practice that Delivers Real Value

A Guide for Programme Managers

We are delighted to re-issue a totally updated version of our 2015 white paper on this topic.

As the COVID crisis makes most businesses dependent on third-parties and cloud services, keeping a firm grip on vendor risk becomes essential.

More than ever before, keeping things simple, working in the context of each relationship and focusing efforts on key vendors are fast becoming key success factors for any vendor risk management programme.

Click here to download our white paper.





Cyber Security: Not just an Equation between Risk Appetite, Compliance and Costs

We are delighted to re-issue an updated version of this 2019 white paper, originally published in collaboration with The Security Transformation Research Foundation.

The COVID crisis has changed very little around the cyber security fundamentals, and established good practices – some known for decades – continue to provide protection, as long as they are properly implemented across the real depth and breadth of the modern enterprise.

But the pandemic has made most businesses and most of us heavily dependent on digital services, which in turn rely entirely on digital trust.

Now more than ever, cyber security – as a cornerstone of digital trust – is becoming a matter of good corporate governance, good ethics, and quite simply – good business.

Click here to download our white paper.





Cyber Insurance: Changing Dynamics in a Maturing Market

In collaboration with Cyber Solace, we have looked back at our 2016 analysis of the Cyber Insurance market, its drivers and its blockers for insurers, regulators and clients.

In the face of non-stop cyber attacks affecting all firms large and small, the market has matured, and skills levels have improved across the board.

Importantly, insurers are paying back, but dynamics are changing and increasingly, insurers are also demanding evidence of cyber robustness from their clients: The market is fast becoming less and less favourable to negligent buyers looking for silver bullets…

Click here to download our white paper.





COVID-19, Remote Working and Cyber Attacks

The COVID-19 pandemic has forced governments to introduce a degree of social distancing which makes people entirely reliant on digital services.

Remote working creates new security imperatives around the way staff collaborate and share information (and around the way cyber security teams need to operate). At the same time, cyber criminals are targeting the disorganisation created by the crisis and negligent practices, and cyber threats are at an all-time high.

More than ever, good security and privacy practices are key to KEEPING THE LIGHTS ON.

We have analysed the implications for small and mid-size businesses in a white paper which can be downloaded here.






GDPR: A Catalyst to Drive Real Action around Privacy and Security

Over the past 6 months, social media and the Internet have been inundated with GDPR-related material. Law firms, consultancies – large and small – and even tech firms have all jumped on what they perceive to be a lucrative bandwagon. And indeed, the regulation has the potential to be a catalyst to drive real action around security and privacy.

But at the same time, it is key to put things in perspective and look beyond a few very simplistic clichés.

Corix Partners, together with DA Resilience, Next World Capital, Wise Partners in Paris and a number of experts, have analysed the impact the GDPR can have around privacy and security, and are offering a real-life perspective in a whitepaper.




Cyber Insurance: Potential Buyers Should Act With Care Over The Mid-Term

There has been a vast amount of hype around cyber insurance in recent years, and many industry players are jumping on the bandwagon because they perceive it to be a lucrative niche.

In reality, the market is still maturing. It presents significant blockages that are confusing brokers, underwriters and regulators, and may limit the value many clients can get from products.

  • Lack of actuarial and modelling data, due to the constant evolution of cyber threats, as well as structural data sharing and data reliability issues
  • Fundamental lack of specialised cyber-security field expertise at key points in the market
  • Conflicting regulatory concerns over mis-selling and systemic risks
  • Too few significant court cases to predict how litigation could go

As nobody can predict future cyber-attack vectors, businesses cannot realistically expect to be insured indefinitely against unknown threats.

Corix Partners and Sequel have analysed the topic in depth throughout the course of 2016 and present their conclusions in this white paper.




Cloud Computing: Here to Stay… but Transparency is Key for Vendors as Regulation Tightens

Since Corix Partners started to look at cyber security in the Cloud back in 2012, its adoption has continued to grow. This is not only attributable to the continued pressure on costs but more importantly due to the realisation that the Cloud can offer greater flexibility and potential reduction in the “time to market”.

Consequently, many organisations have moved some of their services to the Cloud – most noticeably office automation to Microsoft Office 365 or Google Apps for Work. The Harvey Nash / KPMG CIO Survey 2016, “The Creative CIO”, highlighted that four in ten IT leaders use cloud technology to improve responsiveness as well as resiliency.

Corix Partners and Mavintree have explored these changes with a panel of senior IT and Cyber Security Leaders, and summarised their input in this whitepaper.



Internet of Things, Big Data, Cloud: Take Security and Privacy seriously to stay in the game

The convergence of IoT, Big Data and Cloud Computing technologies is opening up a very large number of possibilities in terms of new digital products and services.

But for the short-term, at the intersection of technologies and in the midst of the proliferation of (often immature) use cases, the privacy of consumers has become vulnerable. And fundamental cybersecurity principles – if ignored – will lead to breaches and data losses that may damage further consumer confidence.




Building a Vendor Risk Management Practice

Don’t focus on Risk: Focus on Controls and on agreeing and tracking remedial actions with key Vendors.

Do not get into the wrong debate: focus Vendors on the reality of their Controls environment (and their contractual obligations towards you), instead of a hypothetical discussion on what could go wrong.


BYOD: A risk analysis grid for large corporates

This is not just an IT matter: Large corporates must address this under a broader management perspective and make the decision in consultation with all parties.

This is not for everyone and you should only get into it where it fits your corporate culture, on the right scale, with the right staff and the right training: force it on people at your own risk.




A balanced approach to cloud computing

CIOs should put all aspects into perspective and base cloud decisions (like most others) on a balanced risk and rewards analysis.

You can be more secure in the cloud; your own initial security maturity (or the lack of it) is a key parameter, as well as the security capability and maturity of cloud service providers and other aspects.