Alternative Thinking around Cyber Security Research
Our research activities are entirely driven by the desire to look beyond the technical horizon into strategy, organisation, governance, corporate culture and the real dynamics of large organisations to deliver real long term protection and value.
We are passionate about listening to our Clients and solving real-life problems. We strive to do the right things and push our Clients to do the right things. We are driven by the desire to see each Client and the Security Industry at large progress over the mid- to long-term.
We always look for contrarian angles to analyse situations and solve problems, and place cross-silos thinking at the core of everything we do in a constant fight against industry inertia and the attitude that consists of defaulting to ready-made solutions
This is the alternative spirit you are going to find in these pages, in our blog, articles and whitepapers.
Different ideas to tackle old problems or shake up the status-quo.
Looking beyond the technical horizon into strategy, organisation, governance, corporate culture and the real dynamics of large organisations to deliver real long term protection and value.
Since 2017, most of our white papers and research reports are produced in collaboration with The Security Transformation Research Foundation, a dedicated think-tank and research body aimed at approaching Security problems differently and producing innovative and challenging research ideas in the Security, Business Protection, Risk and Controls space.
They can be found here on their website.
Other material is available to download below.
Cyber Insurance: Changing Dynamics in a Maturing Market
In the face of non-stop cyber attacks affecting all firms large and small, the market has matured, and skills levels have improved across the board.
Importantly, insurers are paying back, but dynamics are changing and increasingly, insurers are also demanding evidence of cyber robustness from their clients: The market is fast becoming less and less favourable to negligent buyers looking for silver bullets…
Click here to download our white paper.Download
COVID-19, Remote Working and Cyber Attacks
The COVID-19 pandemic has forced governments to introduce a degree of social distancing which makes people entirely reliant on digital services.
Remote working creates new security imperatives around the way staff collaborate and share information (and around the way cyber security teams need to operate). At the same time, cyber criminals are targeting the disorganisation created by the crisis and negligent practices and cyber threats are at an all times high.
More than ever, good security and privacy practices are key to KEEPING THE LIGHTS ON.
We have analysed the implications for small and mid-size businesses in a white paper which can be downloaded here.Download
GDPR: A Catalyst to Drive Real Action around Privacy and Security
Over the past 6 months, social media and the Internet have been inundated with GDPR-related material. Law firms, consultancies – large and small – and even tech firms have all jumped on what they perceive to be a lucrative band wagon. And indeed, the regulation has the potential to be a catalyst to drive real action around security and privacy.
But at the same time, it is key to put things in perspective and look beyond a few very simplistic clichés.
Corix Partners, together with DA Resilience, Next World Capital, Wise Partners in Paris and a number of experts, have analysed the impact the GDPR can have around privacy and security, and is offering a real-life perspective in a whitepaper.Download
Cyber Insurance: Potential Buyers Should Act With Care Over The Mid-Term
There has been a vast amount of hype around cyber insurance in recent years, and many industry players are jumping on the bandwagon because they perceive it to be a lucrative niche.
In reality, the market is still maturing. It presents significant blockages that are confusing brokers, underwriters and regulators, and may limit the value many clients can get from products.
- Lack of actuarial and modelling data, due to the constant evolution of cyber threats, as well as structural data sharing and data reliability issues
- Fundamental lack of specialised cyber-security field expertise at key points in the market
- Conflicting regulatory concerns over mis-selling and systemic risks
- Too few significant court cases to predict how litigation could go
As nobody can predict future cyber-attack vectors, businesses cannot realistically expect to be insured indefinitely against unknown threats.Download
Cloud Computing : Here to Stay … but Transparency is Key for Vendors as Regulation tightens
Since Corix Partners started to look at cyber security in the Cloud back in 2012, its adoption has continued to grow. This is not only attributable to the continued pressure on costs but more importantly due to the realisation that the Cloud can offer greater flexibility and potential reduction in the “time to market”.
Consequently, many organisations have moved some of their services to the Cloud – most noticeably office automation to Microsoft Office 365 or Google Apps for Work. The Harvey Nash / KPMG CIO Survey 2016 “The Creative CIO”, highlighted that four in ten IT leaders use cloud technology to improve responsiveness as well as resiliency.
Corix Partners and Mavintree have explored these changes with a panel of senior IT and Cyber Security Leaders, and summarised their input in this whitepaper.Download
Internet of Things, Big Data, Cloud: Take Security and Privacy seriously to stay in the game
The convergence of IoT, Big Data and Cloud Computing technologies is opening up a very large number of possibilities in terms of new digital products and services.
But for the short-term, at the intersection of technologies and in the midst of the proliferation of (often immature) use cases, the privacy of consumers has become vulnerable. And fundamental cybersecurity principles – if ignored – will lead to breaches and data losses that may damage further consumer confidence.Download
Building a Vendor Risk Management Practice
Don’t focus on Risk: Focus on Controls and on agreeing and tracking remedial actions with key Vendors.
Do not get into the wrong debate and focus Vendors on the reality of their Controls environment (and their contractual obligations towards you), instead of an hypothetical discussion on what could go wrong.Download
BYOD: A risk analysis grid for large corporates
This is not just an IT matter: Large corporates must address this under a broader management perspective and make the decision in consultation with all parties.
This is not for everyone and you should only get into it where it fis your corporate culture, on the right scale, the right staff and the right training: force it on people at your own risk.Download
A balanced approach to cloud computing
CIOs should put all aspects into perspective and base cloud decisions (like most others) on a balanced risk and rewards analysis
You can be more secure in the cloud; Your own initial security maturity (or the lack of it) is a key parameter, as well as the security capability and maturity of cloud service providers and other aspects.Download