Case Study: Global Banking and Financial Service Company achieves $20M risk reduction with RiskLens

Using RiskLens to Meet GDPR and NYDFS Cyber Regulations

Global Banking And Financial Service Company, a global banking and financial services holding company with over $300B in assets, needed to prepare for GDPR and NYDFS cybersecurity requirements and decide how to protect customer data at rest. The company wanted to know whether drive encryption would be sufficient or whether it should invest in file encryption for sensitive PII, but its traditional risk-ranking approach could not support an executive decision. RiskLens was brought in to help quantify the risk in financial terms.

Using the RiskLens platform and FAIR-based analysis, the team modeled the exposure of an unencrypted database containing about 40K customer records and compared the impact of drive encryption versus file encryption. RiskLens showed a current-state annualized loss exposure of about $22M, with drive encryption reducing risk by only $1M, while file encryption reduced risk by $20M. When extrapolated across similar databases, the estimated risk reduction reached approximately $4.5B, giving management clear, data-driven support for choosing the stronger encryption approach.