Case Study:  Threat Analysis


Situation

The new head of security at a leading insurance company wanted to understand its threat profile and analyze the company’s prior security performance. The company had captured incident data for many years but never analyzed it. This had been considered difficult as there were several databases and the business mix, geographic footprint and employee population had changed over time. Bellwether was requested to aggregate essential data and undertake the analysis.

 
Approach

Bellwether determined what information was available, identified data-fields core to the analysis and extracted them into a separate database for the incident analysis. Data that were not needed, or contained highly sensitive information, were filtered out and excluded. The information available came from multiple incident-reporting systems and had to be integrated into a single database. This generated a very rich dataset going back 10 years. Relevant historical data such as employee population, square footage, budget, etc. was collated and used to normalize the incident data to allow better comparability. A simple incident taxonomy was developed and all incidents mapped to this to conform the information, facilitate analysis and improve the output.

Analysis & Results

The data roll-up enabled the use of multiple analytic methodologies to identify trends and correlations within each incident segment. Overall, incident rates had increased but when normalized, we were able to show that they had actually declined somewhat. However, this simplified the fact that incident categories were behaving differently; some had grown on a normalized basis whereas the majority had declined. Clearly, the threat profile was changing over time. Cross-sectional analyses identified geographic hotspots and showed which business units were driving overall incident rates. Layering the incident trends onto a corporate timeline showed the company how acquisitions and divestitures had affected incident rates and modified the overall corporate threat profile.

Benefits to Client

Our client was able to see a decade of incident experience in a single comprehensive report. Identification of geographic hotspots, time of occurrence and types of incidents represented reliable information from which to develop targeted mitigation programs and base data-informed, resource re-allocation decisions. The need for an on-going analytic capability within Corporate Security was identified and approved. The new function would enable a real-time analytic capability and vet incident submittals to improve the integrity of future data collected. The analysis clearly identified what was working and what was not. This allowed our client to change the focus of its resources to improve security throughout the enterprise without significantly increasing its budget.