Cyber Risk Measurement

Our client for this engagement was a high-profile Australian brand whose services are considered critical to the Australian economy.


In support of its continued digital transformation, the client introduced market leading cyber security capabilities through both operational and project-led activities. Due to the level of investment required to deliver this uplift, those charged with governance were seeking comfort that the new capability was effectively reducing their risk profile.

Our role

We performed a strategic and rigorous assessment of how the company managed its cyber security risks to support the organisation’s overall business strategy and objectives. In doing so, we introduced a cyber risk framework that allowed the client to baseline their cyber capability and measure that capability using their existing enterprise risk management model.

What we did

elevenM carried out the following activities:

  • Assessed the client’s threat from a global, local and industry perspective
  • Defined the business impact of the threat
  • Assessed the threat against known technology risks and incidents
  • Validated documented control effectiveness
  • Measured outcomes using the client’s Enterprise Risk matrix
  • Worked with staff to consolidate understanding and messaging of importance of cyber risk management to the client’s business
  • Developed messaging that communicated the outcomes in strategic terms to executives, and which underscores value of continued investment
  • Develop messaging on outcomes for non-executive forums