You know what's crazy? In the 2 months I've been at SecurityGate.io I've learned the word "assessment", for many in the cybersecurity space, is a four letter word.
Bringing up the topic stokes feelings of tense anxiety, stress, dread, frustration, irritation and annoyance. I've learned it brings up visions of lost weekends in spreadsheets and nights spent writing reports. In fact, for those in the roles of conducting assessments, many have such a frustrating time trying to complete them (or even finding the time to work on them), they routinely space the assessments out years apart.
On top of that, the process of running a cyber assessment is costly, whether you've outsourced it to a consultant or, like most do, run it in-house on a spreadsheet. They take so much time away from so many people. For most, lots of travel is required. Teams are pulled off jobs to sit in meeting rooms for Q&A meetings, which causes them to fall behind on production goals. Although everyone understands the importance of risk assessments, it's no wonder why they get such a bad wrap.
SecurityGate.io was born in this culture. The founding team were some of those conducting these assessments and saying, "There has got to be a better way." Our entire platform - every feature - has a story behind it. Each part is one manual process of an assessment eliminated and time given back. Every pre-built, fully automated report is one less report that has to be written from scratch. You get the idea.
We've taken the role of the assessor from a place burdened by tons of tedious, time-taking work in spreadsheets, to being notified when it's done.
An interesting area where you can see the positive change we've brought to the market is in our pricing model. We don't charge per assessment. Why? Here are couple of reasons:
1. Our platform has made risk assessments easy, simple and fast. Because of our automation and non-technical workflows, they move much quicker. Most travel isn't needed anymore. Teams don't have to leave the job site (mobile app that works in low/no coverage areas - hooray!) so operations aren't impacted. Incidentally, this has also brought the costs of assessments way down.
Since they don't take up so much time, there is no need to space them out across quarters or years. In fact, the more often you can update your risk posture, the better data you have to understand your exposure to new threats, and the more confident company leaders can be in understanding current organizational risk.
2. Better yet, assessments can stay open and their answers can change as the business changes. Technically, there is no reason why you ever have to declare an assessment finished or closed. After you've gone through an assessment once, you'll likely start working on remediations and making improvements. With the SecurityGate.io platform, as things are updated, your assessment, risk scores and reports are updated in real-time.
There is no reason to fully re-assess ever again unless there has been some large-scale change to your business or the industry. Make improvements in your business where they need to be made. Our platform takes care of recording the data and building your reports to reflect it. This means, if there is an area of your company that hasn't changed, those teams don't need to be bothered with another assessment on any regular schedule. Think they'll like that? ;)
So, how do we price? We charge per entity. An entity is the facility/vessel/asset/vendor/supplier/etc being reviewed. Whether you fully assess once a year, twice a quarter, on a regular schedule or only when a mistake is found, you don't have to worry about being charged again.
You shouldn't ever have to pay for another assessment if you believe you need one. We believe your company should be able to understand risk as completely as possible and as up to the minute as possible. This makes sure your teams are safer, helps maintain operational up-time and keeps your costs in control. Additionally, leaders can make confident forward-looking decisions because they have a better understanding of risk.
Want to see this in action? Contact us here and we'll show you why so many have chosen SecurityGate.io to help them become leaders and experts at reducing risk in operational environments.