Case Study: Raiffeisen Bank International achieves enterprise-wide threat modeling and stronger security awareness with IriusRisk

As a Large Organization With Extensive Governance and Regulatory Requirements, Rbi Faced a Long List of Security Requirements Across More Than 300 Apps Distributed Across Its Network

Raiffeisen Bank International, a major banking group across Austria and Central and Eastern Europe, needed a consistent way to manage threat modeling and security requirements across more than 300 apps and multiple subsidiary banks. Its centralized security team had been relying on manual, fragmented processes in Excel and issue trackers, making it difficult to align technical controls with internal governance standards and regulatory requirements.

To address this, RBI chose IriusRisk’s Open Threat Modeling Platform to standardize threat modeling across the group and provide ready-to-use libraries, recognizable components, and an updated threat and countermeasure knowledge base. With IriusRisk, RBI gained central visibility and control over threat modeling, improved security consistency, and shifted security earlier in the development lifecycle; measurable impact includes 94 threat models, 820 components, nearly 40,000 countermeasures, and around 5,900 countermeasures synced to Jira.

Raiffeisen Bank International

Wolfgang Hausner

Expert Security Manager