Become a member

The Profile is the benchmark for cyber risk assessment.

Free Downloads


  • Download the Profile

    Download File

    SHA1 Checksum: e0300ea6a3ab0bf4295704a9fcd0875dd5bce695

  • See Future Plans

    Download File

    SHA1 Checksum: 5f9be45b2723f3f65dec80ac8013dd44b30f9047

Cancel

How it Works

The Profile is a unified approach for assessing cybersecurity risk.

  • Consolidates 2,300+ regulations into 277 diagnostic statements
  • Gives financial institutions one simple framework to rely on
  • Based on common ISO and NIST categories (Identify, Protect, Detect, Respond, Recover)
  • Adds two categories specific to the financial industry (Governance, Dependency Mgmt.)

73%

Reduction in questions for those firms qualifying as an Impact Tier 4 firm as compared to another widely used assessment

49%

Reduction in questions for those firms qualifying as an Impact Tier 1 firm as compared to another widely used assessment

The Profile scales to a firm’s impact on the global economy.

  • Only nine questions to determine impact tier
  • Fewer, more tailored assessment questions
  • Based on systemic impact—not asset size
  • Subsequent tier review provides roadmap for advanced security

73%

Reduction in questions for those firms qualifying as an Impact Tier 4 firm as compared to another widely used assessment

49%

Reduction in questions for those firms qualifying as an Impact Tier 1 firm as compared to another widely used assessment

Industry-Wide Harmony

The Profile improves cybersecurity across the entire sector.

Institutions

Enabling institutions to focus on what matters most.

  • More time for frontline defense
  • More consistent regulation mapping for policies and procedures
  • Better organization of complex risk management
  • Improved internal progress tracking
  • Better board engagement, prioritization, and funding
  • Streamlined due diligence for third parties and M&A
  • Wider talent pool for recruitment

Regulators

Making regulators’ lives easier.

  • Deeper dives through risk-based approach
  • Enhanced visibility of systemic and third-party risk
  • More consistent responses promote sector-wide views
  • Better cooperation among global supervisory agencies

Ecosystem

Bringing relief to the entire ecosystem.

  • Higher confidence in cybersecurity efficacy
  • Common language for the whole industry
  • Better understanding across sectors and borders
  • Collective action based on common threats
  • More innovation, thanks to standardized format to help prove security measures

Still have questions?


Speak directly to someone about the Profile. Send us a note and we’ll happily address your curiosities.
User Guide
Josh Magri

Managing Director, Founder

Cybersecurity is rapidly evolving.

Financial institutions need a consistent, agile approach to counter widespread threats. That’s why we update the Profile regularly, with major revisions in 2-3 year cycles.

Over the next few years, we plan to augment the Profile with maturity ratings, operational resilience, and language translations. We’ll also create user guides, form alliance partnerships, and expand mappings into new international frameworks.

BACK TO TOP

Membership is open to all organizations within the financial services sector.