Cyber risk assessment

Paladin Cyber’s mission is to make it easy for organizations, especially those without large security teams, to holistically tackle their cyber risk by combining easy-to-implement protection with intelligent automation and expert support to reduce an organization’s cost of risk and mitigate their exposure.

The first step in making companies more secure is always making them understand their company's risk. This case study presents a tool that aims to present to the user the possible dangers that their company is vulnerable to and make them understand how to protect themselves better against them.

🔥
Disclaimer: To comply with my non-disclosure agreement, I have omitted and obfuscated confidential information in this case study. All information in this case study is my own and does not necessarily reflect the views of Paladin Cyber.

-01 INTRO

My role

This is a project that I worked on in 2019. I led the design process of this project from the initial kick-off to the final deliverables. For this project, I collaborated with the rest of the product team, having weekly reviews of the progress and with the main stakeholders. After the design has been finalised, I supported the engineering team during the implementation.

-02 PROBLEM STATEMENT

How aware are you of the dangers of cybersecurity threats?

Every type of small business, regardless of industry, needs to be aware of the dangers of cybersecurity threats. Cybercriminals are constantly modifying their techniques, which means it’s more important than ever to have a cybersecurity plan. The increase in employees working from home exposes vulnerabilities in many companies’ infrastructures. Here are some alarming stats:

-03 BUSINESS GOALS

Raise awareness

Our motto is: “It is our company mission to help small businesses stay in business”. Following this principle, the objective of this project is to raise awareness for the small business owner of the vulnerabilities and the risks they are exposed to and how our tools keep them protected. Having clients that are aware of that will drive sales of cyber insurance and will convince the business owners to encourage the training provided by us.

-04 PROJECT GOALS

What are we trying to achieve?

-05 PROCESS

Design process

Our team follows the Design Thinking methodology, an iterative process in which we seek to understand the user, challenge assumptions, and redefine problems in an attempt to identify alternative strategies and solutions that might not be instantly apparent with our initial level of understanding. This is an iterative and non-linear process in which our purpose is to improve our products by analyzing how users interact with our products and to use that knowledge to try new concepts and ideas.

Step 1: Discover

Step 2: Discover

Step 3: Ideate

Step 4: Prototype

Step 5: Deliver

Step 6: Test

💡
This is an iterative and non-linear process, which means that the design team continuously uses the results to review, question, and improve the initial assumptions, understandings and results. Results from the final stage of the initial work process inform our understanding of the problem, help us determine the parameters of the problem, enable us to redefine the problem and provide us with new insights, so we can see any alternative solutions that might not have been available with our previous level of understanding.

-06 PROCESS

Competitors research

Performing a competitive analysis is one of the earliest research steps in the UX design process. This method provides strategic insights into the features, functions, flows, and feelings evoked by the design solutions of the competitors.

By understanding these facets of competitors’ products, we can strategically design your solution with the goal of making a superior product and/or experience. The outcomes of this research will help orient the team and the stakeholders to the competitive landscape and give us an idea of what user experiences are standard for the market that we are designing for.

-07 PRODUCT THINKING

Get your report

The users can get a free cyber risk report easily, by providing minimum information. Based on their input, we will generate their personalized report in seconds.

-08 PRODUCT THINKING

Our solution: Risk assessment report

This assessment evaluates cybersecurity risk using data-driven, objective, and publicly available metrics together with our proprietary claims data. The findings and recommendations in this report are intended to help proactively identify, quantify, and manage cybersecurity risk.

Summary

The user will start the report with an overview of the results and their criticality. The report goes into detail regarding all of these findings and explains what are they and how it can be solved.

Critical risks

We like to think of cybersecurity threats as being highly technical, difficult to perpetrate, and somehow beyond our understanding. In reality, cyber risk is mostly an operational or team management issue, rather than an IT problem.

The most common method of success attack has always been through employee error.

In the report, we present the most common issues that are caused by untrained employees, and we explain in plain language how can we help them.

Call to action

One of the main goals of the project was to convince the small business owners of the risk that they are exposed to and convince them to act on it – buy cybersecurity insurance and use the tools provided by us to protect themselves against cybercriminals.

Because of that, throughout the report, for each section, a contextual call to action banner has been designed.

-09 THE END

Conclusions

What were the results of the report you might wonder? Well, great! We gave this as a tool for the agents that were selling cyber insurance and we saw a major rise in the number of customers. Before the report, a considerable number of people that were buying cyber insurance were never using this platform, even if it was included for free in the package that they buying but now they were introduced to us, we could see more active users on our platform. The step that followed was integrating this report in the product so that the users have access to it at any given time.