Cyber Risk International: Using AI to identify risks and protect business
Irish Times Innovation awards finalist in the IT & fintech category automating cyber risk assessment
“I set up Cyber Risk International to assist organisations understand, mitigate and manage cyber risk,” says chief executive Paul C Dwyer.
Founded in 2014, Cyber Risk International was immediately successful in providing cyber security consultancy services to customers but quickly ran into a near insurmountable barrier to growth.
“I set up Cyber Risk International to assist organisations understand, mitigate and manage cyber risk,” says chief executive Paul C Dwyer. “It was successful straight away, and quickly achieved annual sales of over €1 million.”
But that was its outer limit. “We hit a glass wall because we couldn’t hire the right people,” says Dwyer. “We needed highly experienced people who understood not just cyber security and ICT but business as well. We were competing against the likes of Google and Facebook and just couldn’t get them. We were struggling to grow. I thought, if we had a piece of software that could fast track what we do we could get through that wall.”
The idea was to automate the services provided by Cyber Risk International.
“We build cyber frameworks for companies and you have to understand geopolitical, technical and other risks to do this,” says Dwyer. “We looked around for software that could do it but there was nothing out there. That was when I decided to create a piece of technology to do it. I complied a wish list of what it should do and then set about building it.”
The result was CyberPrism, a highly innovative online solution that combines artificial intelligence (AI) with business and cyber intelligence in order to assess the cyber security, risk and privacy management status of an organisation. In essence it produces a cyber risk rating score, not unlike a credit rating, and offers evidence that an organisation is safe to deal with from a cyber security and privacy perspective.
Development of the solution took place in parallel with the consultancy business. “In 2016 we went into a holding pattern with the company and only took on enough business to fund the development of the product,” says Dwyer.
“We launched the finished product at the Cyber Threat Summit 2018, and we left there with €1 million in orders. In effect, we had morphed into a technology firm from being an advisory business.”
The software takes the place of a consultant, says Dwyer. “We produced an algorithm that incorporates AI and it acts like a consultant. Organisations don’t need consultants if they use CyberPrism – they can do it themselves. The answers lie within the organisation.
“All I did as a consultant was get answers from client companies. The solution incorporates a lot of clever stuff, and has numerous unique selling points. It creates a cyber risk metric for an organisation, and the user doesn’t have to understand about cyber risks, the AI does that.”
It asks the same questions a consultant would and generates a score based on the answers received.
“For example, are you working in the UK or the Ukraine? What sector are you in? What about your employees? These are all risk factors, and the software looks at what they mean for the organisation. We received an award for our methodology from Institute for Risk Management.”
The company is in the process of closing an investment round with Enterprise Ireland.
“The funding round will raise in excess of €700,000. Enterprise Ireland has been nothing short of fantastic. They have helped us get to the position where investors are chomping at the bit. Already people asked to buy into the company three times this year.”
Development will continue. “Organisations still face challenges when it comes to interpreting reports. If you are a non-cyber security person and are head of procurement you need to deal with cyber reports on suppliers. The interconnected nature of the supply chain means organisations are assuming responsibility for their suppliers’ security.
“If a supplier produces a report from a cyber security consultant what does that mean? We are working on bringing in natural language processing to present our reports in clear language for easy interpretation. Users won’t have to interpret jargon or be cyber security experts to understand them. We are talking to a few companies about this at the moment. We are not going to try to reinvent the wheel.”
And business is already very good. “Sales will top €1 million this year,” says Dwyer. “We have five people working for us now and will make 15 hires in the next 12 months, mainly in sales, marketing and technical roles. CyberPrism has been approved by the UK government, but we are concentrating on North America at the moment because of the Brexit uncertainty.”