Case Study
Type: Manufacturing & Industrial
Location: Waukesha, WI, United States
Size: 5,000-10,000 employees
Generac Power Systems
Challenge
Generac needed an automated solution to replace manual risk and compliance efforts, deliver real-time updates on their cybersecurity posture, and help mature their overall cyber risk management strategy.
Solution
Generac leverages CyberStrong to centralize risk and compliance data across its subsidiaries and organization, glean real-time control updates to eliminate assessment fatigue, and measure their cyber risk posture holistically and proactively.
Overview
As a Fortune 1000 enterprise, Generac has manufactured backup power generation products for residential, commercial, and industrial markets. Generac was the first to engineer affordable home standby generators and is now the top manufacturer of home backup generators. Generac has worked with the US Department of Energy on several initiatives to increase access to energy resilience in communities across the country with installations of solar panels and improved grid flexibility.
Challenge
Complex Compliance Requirements Across Subsidiaries | Reactive Assessments and Reporting | Lack of Risk-Based Approach
Generac’s team used spreadsheets to track risk and compliance across 15 to 20 subsidiaries. This approach led to several workflow inefficiencies and duplicate efforts for the small team. Since this approach was largely manual, the team could not glean real-time updates on control failures and accurately assess the risk posture across the subsidiaries. With several subsidiaries to track in addition to Generac’s own cyber risk posture, Generac’s security leaders needed a flexible solution that could be implemented across different units for accurate cyber risk assessments while compiling and centralizing all the data in a single risk repository.
Generac’s team needed a solution that could replace manual efforts with automation so that it could focus on proactively managing cyber risks, holistically assessing its cyber risk posture, and reporting on control changes in real time.
Solution
Agile Assessments and Reporting | Rapid Cyber Risk Quantification | Fully Integrated Risk, Benchmarking, and Compliance Strategy
With CyberStrong, Generac’s team can connect control, risk, and financial data to holistically visualize and assess the organization’s cyber risk posture. The team leverages the CyberStrong Risk Register to track and manage NIST CSF maturity for the organization and track compliance with ISO 27001 for its affiliates. Control groups are tied to risks in the Risk Register so that when a control score changes, not only do users get alerts, but their risk posture also automatically updates. This level of control data granularity will enable the team to rapidly respond to emerging risks. From the data populated in the Risk Register, the team can perform cyber risk quantification (CRQ) to determine the potential financial loss and impact based on historical cyber loss data.
By quickly implementing CRQ, Generac’s CISO and Cyber Director can present cyber insights in financial terms during key leadership and Board discussions to impact decision-making meaningfully and allocate resources for security initiatives. Generac’s team will roll up risk and compliance data into a centralized dashboard for real-time cybersecurity trend visualization and point-in-time reporting. This empowers Generac’s team to proactively assess their cybersecurity posture, identify gaps, and ultimately mature their overall cyber risk management program.
Mastered
Visibility & Control of Cyber Risk Posture
Automated
Risk & Control Assessments
Quantified
Cyber Risk in Financials