AVEVA

Leveraging BitSight to quantify cyber risk and prioritize security investments

Organizations are experiencing an expansion of their digital footprint, and AVEVA is no exception. Over 20,000 customers in 100 countries rely on the company’s secure cloud platform and applications to harness the power of information and improve collaboration. AVEVA supports these customers with the solutions and expertise of more than 6,400 partners.

As a leader in industrial software, AVEVA is a high-value target for threat actors looking to impact global operations and critical infrastructure.

To manage risk across its digital environment, AVEVA chose BitSight for Security Performance Management (SPM) and BitSight for Third-Party Risk Management (TPRM). The combined solutions enable AVEVA to manage risk more effectively. With BitSight, the company can:

  • Measure exposure to cyber risk using data-driven security ratings.
  • Prioritize areas of its security program for investments and control improvement.
  • Maintain continuous visibility of its extended digital footprint.
  • Assess its suppliers’ security posture.

“Our attention to security is a huge differentiator for us,” said Tim Grieveson, AVEVA’s Chief Security Officer and SVP of Information Security. “It’s crucial to our reputation, market credentials, ESG framework, and ability to attract top talent, and BitSight has helped us make substantial progress in managing cyber risk.”

But a critical piece in AVEVA’s security performance management toolkit was missing.

"To properly assess cyber risk and have meaningful conversations with senior executives about its impact, we needed a data-driven framework for quantifying risk in business terms."

Tim Grieveson
Chief Security Officer and SVP of Information Security, AVEVA

“As the company has grown, we realized that making a continued case for the right security investments would only be feasible if we cut through the unfamiliar technical jargon so that the capabilities being built are fully understood by the board and other stakeholders,” said Grieveson. “To properly assess cyber risk and have meaningful conversations with senior executives about its impact, we needed a data-driven framework for quantifying risk in business terms.”

To achieve its goals, AVEVA selected BitSight Financial Quantification for Enterprise Cyber Risk, part of the BitSight SPM offering.

The solution automates the task of simulating AVEVA’s exposure across multiple cyber events and scenarios (ransomware, denial of service, data breach) and the potential financial losses associated with each – all with minimal user input and without the need for outside consultants.

Using a graphical interface and built-in reports, Grieveson can share insights with the board and C-suite to help bring about a universal understanding of the organization's cyber risk.

“BitSight for SPM provides us with continuous visibility into vulnerabilities that impact our security posture. But Financial Quantification builds on that,” said Grieveson. “We now have a common taxonomy to quantify cyber risk exposure in a language that everyone understands, tell a cohesive story about what that risk means to our business, and guide decisions about security investments.”

"With Financial Quantification, I could quickly visualize the risk burndown of proposed security investments and the financial risk of not allocating funds to certain areas of our security program."

Tim Grieveson
Chief Security Officer and SVP of Information Security, AVEVA

After implementing Financial Quantification, Grieveson realized immediate value.

“I was dubious at first. But it was so simple, within 30 minutes I had real, meaningful insights at my fingertips and started sharing them with the wider business,” said Grieveson.

The implementation was timely too. AVEVA was in the middle of the budget process and Grieveson needed to justify security spend. “With Financial Quantification, I could quickly visualize the risk burndown of proposed security investments and the financial risk of not allocating funds to certain areas of our security program,” he said.

“BitSight gave us a new lens to really question if we were spending money in the right place and the impacts of those investments on our security posture.”

Grieveson also uses the solution to tailor his storytelling to the needs of functional stakeholders, including HR, legal, and marketing. “BitSight has helped us raise awareness of cyber risk across the organization. We aren’t talking about technical controls, we’re having meaningful conversations about security, risk, and governance.”

Furthermore, the solution has helped AVEVA negotiate competitive cyber insurance premiums. “With the data-driven insights that BitSight provides, we can communicate our commitment to security excellence to insurers over time and relative to others in our space,” said Grieveson. “Our risk appetite is also better understood, making it easier to negotiate the type of risk we are willing to accept, mitigate, or transfer.”