Building the Company Profile is the first step in building an X-Analytics profile.
![](https://static.wixstatic.com/media/nsplsh_7de8223576004ca5b8c3ecb060712e0d~mv2.jpg/v1/fill/w_980,h_735,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/nsplsh_7de8223576004ca5b8c3ecb060712e0d~mv2.jpg)
Company Exposure
The Company Exposure includes general information of your company, which includes your primary industry vertical, annual revenue, profit margin, operational hours, operating regions, employee count, end point volume, and other characteristics that help to define incident magnitude (or severity).
![](https://static.wixstatic.com/media/45638f_aaf7ec96292f41febce477d89a163a3d~mv2.png/v1/fill/w_504,h_1170,al_c,q_90,enc_auto/45638f_aaf7ec96292f41febce477d89a163a3d~mv2.png)
Special Note: Company exposure could be the entire macro business (or macro organization), a business unit (logical or geographical), a critical business process, a critical business application, and any other business entity.
Step 1: Select Method for Answering Questions
You have three options for answering the Company Exposure questions.
![](https://static.wixstatic.com/media/45638f_74d26c97e19147b3bae3d5d5419e8507~mv2.png/v1/fill/w_914,h_302,al_c,q_85,enc_auto/45638f_74d26c97e19147b3bae3d5d5419e8507~mv2.png)
Answer All Questions: You begin by answering the first question and continue until you have answered all questions. This option will produce the most reliable estimated cyber exposure values and prioritized remediation guidance.
Only Answer Required Questions: You can select "Show Required Questions Only". This option only shows the least amount questions necessary for estimating cyber exposure values and prioritized remediation guidance. This option is not as reliable as option #1.
Search for Specific Questions: You can use the search box to only answer specific questions based on your search criteria. This option is excellent for making updates to Company Exposure or to quickly validate already provided answers.
Step 2: Answer Company Profile Questions
Based on your selection in Step 1, complete Company Profile by answering the questions. Below is a list of the Company Exposure questions.
Primary industry vertical
Purpose: to define your entity's industry vertical.
Informs: threat landscape, loss probability (all loss categories), and loss severity (all lost categories).
Optional Question: instead of selecting only a primary industry vertical, you may also select a hybrid industry vertical configuration.
Estimated annual revenue
Purpose: to define your entity's revenue.
Informs: business interruption, misappropriation, and ransomware loss probability and severity.
Estimated profit margin
Purpose: to define your entity's profit margin.
Informs: risk transfer benefit associated with business interruption and ransomware.
Operating hours
Purpose: to define your entity's operating hours.
Informs: loss probability and severity for business interruption and ransomware.
Number of employees
Purpose: to define your entity's employee count.
Informs: loss severity and probability for misappropriation.
Number of endpoints
Purpose: to define your entity's endpoint volume.
Informs: loss severity for ransomware.
Cybersecurity budget
Purpose: to define your entity's cybersecurity budget.
Informs: features in board reporting and risk transfer simulator.
Operating regions
Purpose: to define your entity's operating regions.
Informs: loss severity and probability for data breach and misappropriation.
Record types and volume
Purpose: to define your entity's record types and volume. In this case, include all records the entity processes, stores, and/or transfers.
Informs: loss severity and probability for data breach.
Estimated value of intellectual property
Purpose: to define your entity's value of intellectual property. If the entity does no have intellectual property, then indicate zero.
Informs: loss severity and probability for misappropriation of intellectual property.
Estimated value of financial and business strategy
Purpose: to define your entity's value of financial and business strategy as defined within electronic files.
Informs: loss severity and probability for misappropriation of intellectual property.
Electronic payment value and count
Purpose: to define your entity's electronic payment daily value and count. This includes technologies such as SWIFT and ACH.
Informs: loss severity and probability for misappropriation of funds.
Implemented fraud controls
Purpose: to define your entity's fraud countermeasures.
Informs: loss severity and probability for misappropriation of funds.
Data breach penalties and credits
Purpose: to define your entity's data breach penalties and credits. Penalties increase data breach severity and credits decreased data breach severity.
Informs: loss severity and probability for data breach.
Cloud migration
Purpose: to define if your entity is currently working through a cloud migration.
Informs: loss severity and probability for data breach.
IT/OT environment complexity
Purpose: to define the complexity of your entity's IT/OT deployment. For example, a heterogenous environment (or mixed vendor environment) would be complex.
Informs: loss severity and probability for data breach, business interruption, and ransomware.
Revenue recapture
Purpose: to define your entity's ability to recapture revenue after a business interruption or ransomware incident.
Informs: loss severity for business interruption and ransomware.
% of revenue associated with online sales or internet-based services
Purpose: to define your entity's % of revenue associated with online or internet-based functions.
Informs: loss severity for business interruption.
% of revenue dependent on IT, OT, cloud services, or computer-based technologies
Purpose: to define your entity's % of revenue associated with all computer-based technologies. In most businesses today, this is 100%.
Informs: loss severity for business interruption and ransomware.
Highly critical services
Purpose: to define if your entity has highly critical services.
Informs: loss severity and probability for misappropriation of services.
% of revenue associated with highly critical services
Purpose: to define your entity's % of revenue associated with highly critical services.
Informs: loss severity and probability for misappropriation of services.
Margin associated with highly critical services
Purpose: to define your entity's % of revenue associated with highly critical services.
Informs: risk transfer benefit for misappropriation of services.
Liability associated with highly critical services
Purpose: to define your entity's liability cap associated with highly critical services.
Informs: loss severity and probability for misappropriation of services.
Step 3: Complete the Next Section of the Profile Builder.
For further Profile Build guidance, please return here.
Comments