Case Study: RMS
RMS models and solutions help insurers, financial markets, corporations, and public agencies evaluate and manage global risk throughout the world. RMS has over 1,500 employees across 13 offices in the US, London, Bermuda, Zurich, India, China, Japan, Singapore, and Australia, with products and models covering six continents.
RMS leads an industry that the company helped to pioneer— catastrophe risk modeling – and continues to innovate. In May 2019, RMS announced the launch of Risk Intelligence™ (RI), an open, flexible and future-proof platform for strategic risk management. Through this purpose-built platform, clients can tap into RMS HD models, rich data layers, intuitive applications and APIs that simply integrate into existing enterprise systems to support business decisions across underwriting, risk selection, mitigation and portfolio management. Insurers, reinsurers, trading companies, and other financial institutions trust RMS solutions to better understand and manage the risks of natural and human-made catastrophes, including hurricanes, earthquakes, floods, terrorism, and pandemics.
RMS has grown significantly since its founding in 1989. The firm is continually evolving its solution portfolio, internal business units, and program initiatives to support that growth. One program that underwent tremendous change is the firm’s cybersecurity program, which is headed by Dave Ruedger, Chief Information Security Officer (CISO). Ruedger was brought on board to implement a strategy that would lead to more effective security programs and fewer negative outcomes.
“RMS knew they wanted to invest further in security, and SecurityScorecard was a quick win for us,” explained Ruedger, noting that the company’s rating wasn’t where he wanted it to be when he joined. Ruedger had aspirations to improve the program’s baseline over a three-year period. One of his initial goals was to quickly remediate weaknesses in the firm’s security posture, which was being evaluated by potential clients and could potentially put the firm’s reputation at risk. Second, he wanted to build a team that would oversee four strategic initiatives: Risk and Compliance, Governance and Audit, Security Operations, and Application Security. Lastly, he wanted to measure outcomes of the team’s security efforts so that he could have better conversations internally and align investments with the highest measurable impact for the organization. Ruedger needed funding, personnel, and software resources to carry out the three-year plan.
The RMS security team adopted SecurityScorecard ratings early-on to make a small change that would yield significant improvements. RMS rapidly improved its security posture via SecurityScorecard’s self-assessment tools.
Executive Board Reporting
SecurityScorecard's Board Summary Reports made it easy for Ruedger to facilitate data-driven conversations among internal stakeholders, demonstrate return on cybersecurity investment, and help the organization allocate limited resources to critical areas of cyber risk.
Vendor Risk Management
The SecurityScorecard platform is being utilized for vendor risk management to help the team streamline the risk assessment process, often resulting in significant reduction in time to complete the assessments.
Cyber Insurance Data
SecurityScorecard data helps improve the accuracy of RMS risk models for underwriters, brokers, and insurers, by adding additional context and enrichment to the analysis.
With SecurityScorecard, RMS can map the firm’s security ratings to broadly adopted cybersecurity frameworks, providing continuous assurance that the firm’s security controls are in line with firm-wide risk tolerance levels.
Mergers and Acquisitions
During the due diligence process, many firms are left in the dark when it comes to cyber risk. With SecurityScorecard, deal teams can leverage the ratings to gain more insight and measure the cybersecurity performance of potential acquisition targets or portfolio companies.
RMS benefited from the use of SecurityScorecard to easily remediate weaker areas of the program through the platform’s concise, actionable insights. By standardizing on SecurityScorecard, RMS has moved away from the use of point solutions that require additional resources and training to onboard new technology. In addition, with SecurityScorecard data, RMS can provide additional value added service to its clients.