Periodic Reporting for period 1 - STORM (The first cybersecurity management system providing evidence based metrics for cyber risk at the business asset level in real-time)
Reporting period: 2017-07-01 to 2017-10-31
InnoSec’s STORM Enterprise version aims to protect the most critical business assets and processes by using a “business-backed” approach. STORM uses a cyber security strategy based on identifying the importance of business systems (assets), i.e. crown jewel, business critical or business crucial. STORM maps relationships between data asset classifications (intellectual property, credit card data, privacy data, etc.) and business units, business processes, systems, and technologies. It measures the cyber security risk exposures and costs, aligning them to cyber risk tolerance and insurance requirements. The STORM module for GDPR has been specifically designed in a way that organizations can achieve full compliance with the new regulation.
• The Value Proposition of STORM and its benefit levels were analyzed and comprehended;
• The product development plan to develop STORM and DREG solutions from current stage to the final version was prepared;
• The Risk Assessment and Contingency plan was prepared for the innovation project;
• Cost of the product development over 2 years is estimated around €1.325 M, consisting of €1.07 M direct costs and €255 k indirect costs;
• Key emerging regulations, such as the GDPR, were researched and elaborated;
• The overall European market and the target markets of the UK, Germany and Benelux were assessed in terms of market trends, drivers, key players and potential first users;
• Based on this, the ambition of InnoSec is to commercialize STORM to the following user segments:
- financial institutions, such as banks, who process critical data (including privacy data) and transactions, the loss or corruption of which will directly result in financial losses and loss of reputation
- data processors, such as First Data, who process critical data (including privacy data) and transactions, the loss or corruption of which will directly result in financial losses and loss of reputation
- insurance companies, who collect and process sensitive customer data (including privacy data) and transactional data, but also manage savings
• Based on the commercialization plan, in-depth financial projections for the next 5 years were prepared that confirmed the highly attractive economics of the innovation project.
During Phase 1, dozens of discussions took place with potential users and re-sellers based on which InnoSec was able to better define the objectives and the next steps. In summary, Phase 1 convinced the management of InnoSec to further pursue the idea and to prepare next steps towards the product development, to be conducted with the help of Phase 2 of the Horizon 2020 grant scheme.
STORM complies with the EU Data Protection Directive and anticipates the upcoming General Data Protection Regulation (GDPR), since the project will enhance the level of personal data protection for individuals and increase business opportunities in the Digital Single Market. InnoSec contributes to the recent European Agenda on Security by offering European businesses a tool to ensure safer and more effective management of their data.
The successful demonstration of the beta version of STORM will fully validate the technology and InnoSec is confident that re-sellers will be interested in the commercialization.