Cyber risk assessment. Right first time.

At CRMG we live and breathe pragmatic, outcome-focused cyber risk assessment that the business can understand.

Cyber Risk Assessment by CRMG

Effective cyber risk assessment gives you the information you need to drive a cyber security programme that’s based on real business risk. CRMG’s cyber risk assessment approach – delivered via our own platform, Risk Genie – has been developed in-house by our own practitioners who are experienced in the same operational challenges that you’re facing.

CRMG cyber risk assessment follows a straightforward process, underpinned by CRMG’s Threat / Control Matrix which helps you understand, prioritise and address the cyber risks relevant to each of your systems.

The output — a detailed picture of current threats, and the most important controls and actions needed to minimise your exposure.

Build a risk-based cyber security programme guided by an intuitive, business-focused process

Base your decisions on real, not perceived threats

Management-friendly risk heatmaps

What/if functionality to help you prioritise investment

Achieve consistency in assessing and reporting risk across all your systems/ business units.

Cost effective — all the functionality you need, none of the complexity you don’t.

Cyber Risk Assessment by CRMG – Developed by practitioners for practitioners.

Speak To An Expert

How it works

CRMG’s approach guides you through a 6-stage cyber risk assessment via an easy to use visual interface, with predefined industry and technology-specific templates to help you get started.


Assign a criticality value to your information system/asset that reflects the true business impact if it were compromised.


Select the main cyber threats that are applicable to your environment, from a comprehensive library of options.


View the cyber protection measures that will be most effective in combatting the identified threats, powered by CRMG’s Threat / Control Matrix.


Assess the extent to which you are already applying these measures by filling out a simple, auto-generated questionnaire.


Review heatmaps filtered by threat type or property of information (confidentiality, integrity, availability) for a clear picture of potential threats.


Pinpoint the exact actions required to reduce unacceptable risk levels via highly visual drag & drop, ‘what/if’ scenario functionality.

How it helps

Once our cyber risk assessment approach has guided you through the stages above, here’s what you can expect:

  • You’ll have applied a consistent approach to cyber risk assessment throughout all elements of the business.
  • You’ll have identified actionable improvements that bring your level of cyber protection up to a level that matches your risk profile.
  • You’ll be able to respond quickly to areas of potential cyber risk, avoiding unnecessary exposure or damage.
  • You’ll be ready to deliver effective assurance to management, using jargon-free reporting consistent with other elements of business risk.

If that’s where you want to be, let’s talk about how we get there.

CRMG Cyber Risk Assessment in practice — manufacturing

A mid-sized manufacturing organisation, looking for guidance on targeting cyber security spending, implemented Risk Genie as a key component in prioritising cyber threats.

CRMG trained the firm’s IT team in using CRMG’s industry-specific threat profile templates to identify the underlying cyber security requirements of each information asset. CRMG’s Risk Genie platform revealed the key areas of cyber exposure where additional security measures were required.

The result — management is able to confidently assign cyber security spending to areas of real, not perceived risk, maximising ROI and supporting business growth.

Find out more

CRMG Cyber Risk Assessment in practice — banking

A major retail bank, struggling with a fragmented approach to risk assessment introduced Risk Genie to templatise and streamline risk management across a range of environment types.

CRMG implemented multiple control libraries, set up customised reporting and provided training for the bank’s cyber risk managers. Using our Risk Genie platform, we identified instances where key controls were not well enough applied to mitigate risk, enabling fast remediation.

The result — greater structure, consistency and objectivity across the risk assessment process, and elimination of unnecessary spending on ineffective controls.

Find out more

Risk Genie is designed for any organisation — regardless of size or sector — looking for a guided approach to risk-based cyber security.

If you’re ready to get started, set up a call with one of our expert advisors today.