Your information is under constant threat of being lost or stolen. Your ICT Infrastructures risk being taken offline or, worse still, taken over. Such incidents are happening in 92% of large organisations – if this does not yet include yours, chances are it very soon will. Cyber security is not simply a technical issue, it is a strategic issue that must be owned by the Board and senior executive team.

Failure to develop the right cyber security capabilities, processes and culture in your organisation puts at risk your brand value, competitive advantage, productivity and revenue streams, as well as opening you up to direct financial losses, including fines, litigation costs, and increased insurance premiums. Developing the right cyber security strategy not only enables organisations to effectively mitigate the ever increasing and changing set of cyber risks but sets the framework for turning cyber security into a competitive advantage. Having the right cyber security strategy alone is not enough; organisations must develop the capability to manage the risk and execute the strategy.

Lysis financial has an expert governance, risk and compliance team. Our specialists have first-hand knowledge of cyber risk and information strategy management.

Our cyber focused, diagnostic health check measures your readiness against the supervisory risk assessment model with particular focus on not just if you measure up, but also how you present your firm’s capability and readiness to your supervisor.


Cyber security is number four of the five top global risks (Source: WEF Global Risk Report 2012)

Business bears the brunt of the cost of cybercrime in the UK, losing £21bn per year as a result of attacks. (Source: Detica, 2011)

The average total cost for a small organisation to respond to a single cyber incident is between £27.5k and £55k and for large organisations is £280k to £690k. (Source: PWC Report, 2011)

62% of large organisations have been infected by a virus or malicious software. (Source: A Better Way to Battle Malware by Tim Laseter and Eric Johnson, 2011)

What is CRIS?

CRIS (Cyber Risk & Information Strategy) is a comprehensive cyber security solution designed to provide boards and senior executives with a holistic view of their organisational cyber security posture.

Engineered by our specialists and developed in partnership with cyber security experts, CRIS provides you with a full spectrum risk and control framework.

Don’t play games with your information assets

Managing cyber risk is a business-critical activity, and cannot be regarded as simply an IT issue. Cyber risk is different from other types of risk because of the rapid evolution of technology and the resulting fundamental changes in the way business is conducted.

Boards will need to think differently and consider taking wider advice, to ensure they fully understand the issues faced by their company in order to manage the risks appropriately. Your information assets are critical to the success of your firm and must be properly protected. But, protection is not just about firewalls and passwords; your information is an asset that is the business life-blood, it needs to be properly managed and made available, safely to drive the operations and ultimately the success of the firm.

Taking Cyber Risk out of the Server Room and into The Boardroom

What we provide

We provide an information strategy framework that is pre-built and aligned with ISO 27001, IAMM and industry best practice. It identifies your information assets and for each one sets out the critical information and cyber objectives, risks, controls, process and governance requirements. The CRIS framework plugs into your organization and integrates with your existing operations, giving immediate visibility and control over cyber and information risk.

We will identify the gaps in your current operations and develop a cyber risk roadmap, prioritised to deliver the most essential changes.

As the framework is customized and implemented we bake-in an ownership and governance model to engage the key people in the Organisation and then through training to empower the workforce and foster a risk aware culture.

Lysis has an excellent track record of working with its clients to ensure that intrusive intervention and regulatory driven remediation activities become a thing of the past.

Through expert knowledge and first-hand experience of supervisory practices and processes, we deliver anything from a diagnostic health check to full firm re-alignment, enhancing your cyber soundness and information strategy competence.

We will work with you to ensure you are able to:

  • Set and monitor strategic and enabling objectives;
  • Enhance its governance and culture by allocating risk management and routine cyber responsibilities throughout the organisation;
  • Identify and assess its information risks, providing management with an overview of its risk exposure vs appetite;
  • Record and monitor incidents;
  • Identify and monitor key routine processes and time-bound initiatives. re-alignment, enhancing your cyber soundness and information strategy competence.
“Our security is only as strong as the weakest link.” – SIRO, FTSE 100

What are the benefits?

  • A full and detailed analysis of your current situation
  • Gap analysis and clear change roadmap
  • Enhancement or creation of frameworks, policies and processes
  • Enhance the execution of the Cyber Security strategy
  • Deliver a cyber-culture transformation
  • Protect and enhance reputation and brand value
  • Build competitive advantage through developing better and more secure information assets
  • Increase productivity through the secure management of information through its lifecycle
  • Reduce financial losses related to cyber-attacks, such as fines, litigation costs, and reduced insurance premiums
  • Drive revenue increases by being seen as a secure, safe supply chain partner


Our Cyber Change roadmap delivers clearly defined, tangible results with a known duration and cost.

Beginning with an initial discovery phase, we work with you, understand and identify the gaps before setting out the steps to build the necessary capabilility and embedded process for permanent, long-term success.

Each phase is structured to meet key milestones and deliver specified outcomes. Our set programme removes the risk from you by removing the open ended doubt that surrounds so many traditional consultancy engagements, which can leave you with little more than a large bill and questions to answer.

We enable you to engage specialists to help overcome your challenges without the worry.

“We enable you to engage specialists to help overcome your challenges without the worry”


For the past 15 years, Lysis Financial has helped businesses reduce their operational losses, reduce the cost of borrowing (through enhanced credit ratings), and free up regulatory capital. Lysis embeds a risk-based strategic approach into its projects and operational decision-making, enabling our clients to be assured of sustainable success.