Safe Security: Assessing and quantifying cyber risks
Can you tell me about your company?
Safe Security is a Palo-Alto headquartered Cyber Risk Quantification company, backed by ex-Cisco CEO, John Chambers, BT, and senior executives from Softbank, Sequoia, PayPal, McKinsey & Co., and SAP. We are creating a brand-new category within cybersecurity to quantify cyber risks. Our ML-enabled SaaS platform - SAFE - helps businesses know how likely they are to be breached and the potential financial impact to their business owing to a cyberattack. To date, it is the only cybersecurity platform that assesses and quantifies risk across people, processes, technology for first and third-party in real-time, and provides prioritised actionable insights. This helps security and risk management leaders to either accept, mitigate, or transfer risks.
Our customers, including some of the largest global companies such as Molina Healthcare, NewsCorp, MunichRe, ICICI bank, among others, use SAFE to get an objective view of their risk posture and therefore measure, manage, and mitigate their cyber risks. For example, a Fortune 50 FMCG company uses our platform to manage its third-party risks using our inside-out and outside-in assessments across suppliers and distributors to get a unified, real-time risk posture for all critical third parties in their environment. SAFE is the only product in the industry that has the unique capability to provide this granularity of insights.
Safe Security has grown over 300% and expanded to over ten countries in the Americas, EMEA, and ASEAN region in 2021.
What is your role and responsibilities at the company?
I am the CEO and Co-founder of the organisation. Being the CEO of a fast-growing cybersecurity product startup, my role involves getting very heavily involved in developing our product roadmap, our go-to-market strategy, and defining what the success of the business will look like in the coming years.
A startup is defined by its agility, its flexibility, its ability to adapt in the face of challenges, and most importantly: the people it hires. I’m proud of the team of 200+ rockstars who are the reason behind our success. Even during the “Great Reshuffle”, when the global employee attrition rate was 20.8%, with our company culture of autonomy and accountability we’ve seen an employee attrition rate of just 6%.
What do you think are the major emerging cyber risks for 2022?
Security and risk management leaders are scrambling as the rate of digitisation outpaces that of cybersecurity attackers, who aim to create maximum damage with minimum effort. For instance, as vendor networks become more widespread because of increased interdependence, ‘buffalo jumping’ or ‘one-to-many’ type of cyber-attacks will become more commonplace. Today, businesses inherit the cyber risk posture of not just their direct vendors (third party) but also of their vendors’ vendors (fourth and nth party). We have already seen this happen with SolarWinds, Nobelium, and Kaseya. The Ponemon Institute reports that whilst many businesses continue to outsource critical business processes to third parties, 63% of organisations don’t have visibility into the level of network access and permissions for internal or external users, and have a limited-to-no view of who or what has how much supervised/unsupervised access and why.
At the same time, I anticipate an increase in employee or workforce-related data breaches because of remote and hybrid working. Insider threats have long been categorised as accidental or malicious. Employee risk can arise because of who they are, their history and status of employment, what devices they own, how they access critical information, what level of access they have, and why. Businesses only look at phishing, vishing or Business Email Compromise-like threats, and train employees to reduce the risk of being breached. However, what is required is to aggregate all signals from cybersecurity services such as UEBA (write full form), CASB, company policies, operating system updates, and more to curate a specific employee risk score. Businesses need to continue to direct resources towards detecting vulnerabilities and simultaneously adopt a proactive, objective, and continuous risk assessment strategy across employees, technology, and third parties. This provides a real-time view of how likely businesses are to be breached and an assessment of the financial impact of potential data breaches.
What are the main aims for Safe Security in the next year?
Safe Security aims to move closer to our mission of becoming the global de-facto industry standard to measure, manage, and mitigate cybersecurity risk and champion a safer digital future. We do not just aim to disrupt the way cybersecurity is seen but also to elevate to allied fields where cybersecurity standardisation will enable leaders to make better data-driven decisions. For instance, cyber insurance will become one of our key focus areas as we increase our presence. We will be expanding aggressively within the EMEA region with a special focus on the EU and UK. With cybersecurity, cyber insurance, data science, and AI; Safe Security is aggressively looking to capture a potential trillion-dollar market opportunity.