Company unveils the next generation of its ROAR platform including features to quantify the financial impact of risk and automate workflows
San Francisco — March 28, 2023 — Reciprocity, a leader in information security risk and compliance, today announced that it will be rebranding to RiskOptics to usher in a new era of cyber risk management dedicated to helping Chief Information Security Officers (CISOs) and their organizations turn risk into a strategic business asset. To mark this new chapter, the company also launched the next generation of its Risk Observation, Assessment and Remediation (ROAR) Platform, an offering that provides organizations with a game-changing level of risk insight in the context of business initiatives.
RiskOptics: The Brand Driving Proactive Risk Management
Companies have undergone extreme digital transformations in the last few years and are now more reliant than ever on third party vendors. Unfortunately, according to a February 2023 report by SecurityScorecard and Cyentia Institute, 98.3% of organizations have a relationship with at least one third party that has experienced a breach in the last two years.
Meanwhile, IT teams are understaffed and being stretched thin – especially in cybersecurity, where there’s an estimated workforce gap of 3.4 million people. This talent shortage is becoming more prevalent as data and privacy regulations increase and change at every level of government, making cybersecurity a critical topic in boardroom discussions. Yet, despite these shifts, business leaders still don’t understand what cyber risk is and how it impacts everything a company does – or that it could be used as a strategic asset and core business differentiator.
This is the reason Reciprocity was founded in 2009: to challenge those in charge of Governance, Risk and Compliance (GRC) to move beyond compliance-based practices and embrace a more proactive approach to monitoring for risk. In its next chapter as RiskOptics, the company will further that commitment by empowering CISOs and their teams to see risk differently, effectively communicate that risk and leverage it to make strategic business decisions.
“Business leaders don’t readily understand or easily digest complex risk registers or scores. They care more about how they can expand and grow their businesses, and the CISOs’ role is to communicate the risk associated with those initiatives and how to mitigate it in terms leaders will understand,” said Michael Maggio, CEO and Chief Product Officer at RiskOptics.
“As RiskOptics, we’re empowering CISOs with a platform that can connect the dots between the essential people, processes and technology to reveal unseen risk and break down silos. Think about how easy it is to do your taxes with an online platform like TurboTax – the software asks you what changed, and it tells you the steps you need to take accordingly. That’s how easy it should be for companies to identify risk in relation to business activity, and that’s what RiskOptics will do for businesses.”
ROAR: A Next Generation Platform to Solve Advanced Cyber Risk Challenges
Key to fulfilling this vision lies within the next generation of the ROAR platform. ROAR, launched in March 2022, is designed to give companies a unified, real-time view of risk and compliance. ROAR allows security leaders to quickly understand, quantify and convey the impact of risk on the business aspects they care about the most. The platform delivers a unified view of risk and compliance — framed around specific business priorities — so that CISOs and other security leaders can get ahead of risk by monitoring control effectiveness and getting instantly updated risk scores. When leaders can understand risk within the context of their business initiatives, they can then use that knowledge to inform next steps and enable strategic decision making.
According to The State Of Enterprise Risk Management, 2022 by Forrester Research, “Critical global events — from pandemic to war — reinforce the dynamic and consequential nature of risk. Yet ironically, for firms to innovate, differentiate, and capitalize on new opportunities, they will need to increase their risk-taking capability. To ensure they take on the right risks that balance revenue and reputation, ERM plays a critical role in helping navigate risk to steer their businesses through the changing dynamics, expectations, and requirements. Those firms that elevate their ERM program with the leadership at the right organizational level and right-sized budget are able to drive faster, better strategic decisions.”
To further extend the power and value of its ROAR platform, RiskOptics added increased capabilities designed to easily share the value of risk programs, streamline audit and compliance tasks and ensure controls are always up to date. Specifically, with this latest version, users will be able to:
- Communicate the Impact of Risk on Business Priorities — With ROAR, security leaders can quantify the financial impact of risk based on what a business really cares about — such as expanding to a new geographic market or launching an industry-specific product line — eliminating the reliance on risk scores that business leaders may not understand and translating it to what they do: dollars and cents.
- Automate Tedious, Time-Intensive Processes — ROAR gives infosec teams valuable time back with continuous compliance and framework monitoring that automatically collects evidence, assesses control effectiveness and checks for unexpected changes, ensuring organizations stay in compliance at all times. Likewise, in the next generation of the platform, users can reuse controls and evidence across frameworks to reduce complexity and eliminate audit fatigue.
- Reduce Risk by Strengthening Compliance — ROAR allows users to see how compliance is impacting risk postures using expert provided inherent and target risk scores to get a baseline risk assessment so they can prioritize and focus on areas of high risk to strengthen compliance and reduce organizational risk. The platform makes it easy to scale compliance programs throughout the organization by connecting requirements, controls and risks to maximize efficiency and automatically mapping new frameworks to existing controls. Evidence collection, control testing and the creation of tickets to address gaps and issues are all automated in ROAR.
- Integrate with Existing Tech Infrastructure — Integrations with AWS, Azure, Salesforce, Jira, GCP, GitHub and others — with more on the way — automate evidence gathering and assessment, as well as streamline tasks and workflows, so that infosec teams can focus instead on value-added tasks.
“Having the right GRC platform means that we can take a proactive, data driven approach to risk and compliance without having to rely on overly complicated tools or manual processes,” said Jo-Ann Smith, Chief Information Security Officer & Privacy Officer, Long View Systems. “With the RiskOptics ROAR Platform we can take a more strategic, data-driven approach to seeing, understanding and mitigating risk. With visibility into the organization’s overall risk posture, we have a relevant and current view in support of decisions and future investments. With ROAR, our Board of Directors will have real-time visibility and access to information about our security, risk and compliance programs which is critical to making business decisions.”
RiskOptics is the leader in IT risk management solutions, empowering organizations to convert risk into a strategic business advantage. The fully integrated and automated RiskOptics ROAR Platform provides a unified, real-time view of risk and compliance framed around business priorities, enabling CISOs and InfoSec teams to take a proactive approach to risk management. RiskOptics customers are able to quantify the impact of risk on their business, communicate that impact to key stakeholders and mitigate expensive data breaches, system failures, lost opportunities and vulnerabilities across their own and third-party data while adhering to compliance requirements.