How it Works
The Profile is a unified approach for assessing cybersecurity risk.
- Consolidates 2,300+ regulations into 277 diagnostic statements
- Gives financial institutions one simple framework to rely on
- Based on common ISO and NIST categories (Identify, Protect, Detect, Respond, Recover)
- Adds two categories specific to the financial industry (Governance, Dependency Management)
- 73% reduction in questions for firms qualifying as an Impact Tier 4 firm, as compared to another widely used assessment
- 49% reduction in questions for firms qualifying as an Impact Tier 1 firm, as compared to another widely used assessment
The Profile scales to a firm’s impact on the global economy.
- Only nine questions to determine impact tier
- Fewer, more tailored assessment questions
- Based on systemic impact—not asset size
- Subsequent tier review provides roadmap for advanced security
Industry-Wide Harmony
The Profile improves cybersecurity across the entire sector.

Institutions
Enabling institutions to focus on what matters most.
- More time for frontline defense
- More consistent regulation mapping for policies and procedures
- Better organization of complex risk management
- Improved internal progress tracking
- Better board engagement, prioritization, and funding
- Streamlined due diligence for third parties and M&A
- Wider talent pool for recruitment

Regulators
Making regulators’ lives easier.
- Deeper dives through risk-based approach
- Enhanced visibility of systemic and third-party risk
- More consistent responses promote sector-wide views
- Better cooperation among global supervisory agencies

Ecosystem
Bringing relief to the entire ecosystem.
- Higher confidence in cybersecurity efficacy
- Common language for the whole industry
- Better understanding across sectors and borders
- Collective action based on common threats
- More innovation, thanks to standardized format to help prove security measures

Cybersecurity is rapidly evolving.
Financial institutions need a consistent, agile approach to counter widespread threats. That’s why we update the Profile regularly, with major revisions in 2-3 year cycles.
Over the next few years, we plan to augment the Profile with maturity ratings, operational resilience, and language translations. We’ll also create user guides, form alliance partnerships, and expand mappings into new international frameworks.