As per the World Economic Forum’s Global Cybersecurity Outlook Report 2022, a breach costs an organisation a significant amount of money, with an average of $3.6 million for each incident. Even more concerning is the growing trend that it takes an average of 280 days for a company to detect and respond to a cyberattack. Let's be straight; complete security in the cyber domain is near impossible. With increasing reliance on digital technologies, the threat of cybercrime increases.  

Cybercriminals are embracing every opportunity to use technology to exploit vulnerabilities in people and businesses. So, what to do? The need is to shift the focus to reinforcing cyber resilience - the ability to move toward real-time prediction and recovery from both malicious and non-malicious events. Founded in 2012, the B2B startup Safe Security is filling this gap. We spoke to Saket Modi, Co-Founder and CEO of Safe Security, to understand how the company is ensuring a safe, secure and resilient cyber domain for enterprises across the globe. 

Towards a robust cybersecurity domain 

"Cybersecurity has become the topmost concern in the boardrooms in 2022, as rightly pointed out by the WEF report, and it has not become an issue overnight. Today, we can't think of running a company which is not technology-enabled. Now, with such a high degree of reliance on digital infrastructure, any impact on the same becomes a business impact, and this needs to be addressed. This is where we come into the picture," said Saket. 

Incubated from IIT-Bombay, Safe Secure (earlier known as Lucideus Tech Private Limited) was recognised by the Government of India as one of the winners of the National Startups Awards 2020. The company was recognised for building a product to simplify the Cyber Security process to a single easy to understand score by looking at various aspects of the problem and devising a specific solution around it. 

The company works in the "Cybersecurity and Digital Business Risk Quantification" (CRQ) space. It helps organisations measure and mitigate enterprise-wide cyber risk in real-time using its ML-enabled tools.  

Safe Security has a product - SAFE. It is a Cyber Risk Quantification platform that automates the consolidation of all signals across the enterprise and then applies data science principles co-developed with MIT to produce actionable insights and quantified risk postures at various levels. With one of the industry's largest repositories of API connectors, SAFE pulls in signals across processes, people and technology for both first and third parties. The output is three things: 

• First, the likelihood of a hack is given in the form of a score ranging between 0-5 for each device. The higher the score, the lower the risk of a hack. It's inversely proportional, to be precise. 
• Second, it will provide prioritised actionable insights. Put simply; it is what an organisation needs to do to up their score, thus making their system more robust to cyber dangers in turn. 
• Third, going beyond the likelihood of getting hacked, the startup also presents the dollar-value impact the risks will add to an organisation's balance sheet. 

This holistic real-time analysis gives leaders the transparency and context they need to measure, manage, and mitigate their cyber risk. However, this process is not as simple as it seems to be. 

Digging into the data 

The ML model is trained with the data collected via various cyber insurance claims and cyber security hacks in various organisations around the world. The model learns, observes the pattern and matches its results with any particular organisation. Once the pattern matches, the model will determine the probability of an organisation getting hacked over the next 12 months.  

Moreover, the company uses five different vectors across an organisation to predict the organisation's breach-likelihood (SAFE Score) and the financial impact of a data breach. 

• People: The company assesses the cyber risk posture of all the employees of an organisation in real-time.
• Policy: Automated assessments of cybersecurity compliances and policies are done. 
• Technology: Real-time and consistent visibility of the dynamic enterprise-wide hybrid technology stack of the company. 
• Cybersecurity Products: The company measures the efficiency of deployed cybersecurity products providing deeper insights on a single dashboard. 
• Third-Party: 360-degree assessment of all third parties in real-time. 

With this, organisations can have proactive, data-driven cyber risk management with the one score that matters, giving them better protection and more confidence to act. Not just organisations, but the product can be used to measure the device safety of an individual too. 

A difficult job 

Companies are getting digital-savvy, and eventually, they create massive data collection systems through multiple interfaces, resulting in huge technological architecture. This complexity itself becomes the weak point for the companies. A defender of the firm, as Saket also agrees, would have to scrutinise each interface for flaws and address them. On the contrary, an attacker only has to locate one vulnerable interface to spread its tentacles.  

"For this very reason, it's interesting to note that the average tenure of a Chief Information Security Officer (CISO) in a Fortune 500 company is as little as 18 months. So, I can say it's a very difficult job," said Saket. 

Way forward 

The mission statement for Safe Security, according to Saket, is to become the de facto industry standard for 3 M's - to measure, manage and mitigate cyber risks. However, this cannot happen until the company works very closely with the government, in not only providing security to the government but also through the government. After all, the government is the main regulator.  

"In this AI revolution, as the companies will transform themselves even more digitally, security standardisation is the need of the hour, similar to an ISI mark on a water bottle marking it safe to drink. Without a standardised risk metric, the road for companies toward digital transformation will be a tough grind," concluded Saket.