
Case study



Financial Services & Banking


San Diego, CA, United States


2,000-5,000 employees


Commonwealth Financial Network


In-sourcing of security program from outsourced MSSP support, and using the transition to shift to a risk-first cyber risk management program. This journey illuminated many challenges and opportunities for automating the risk assessment process.


CyberStrong’s Continuous Control Automation™ streamlined the now insourced cyber risk management program and delivered a flexible single source of truth for the team.


For over 40 years, Commonwealth Financial has been committed to providing businesses with financial management assistance. Today, Commonwealth is the largest privately held independent RIA broker/dealer in the US. Commonwealth’s practice management experts lend insights and strategies on firm evolution, staffing, financial analysis, and more to solo practices, multiadvisor ensembles, or large-scale enterprises. In addition to its financial practice, Commonwealth also provides model portfolios for investment solutions and comprehensive solutions to community building, compliance, and marketing.


Advanced Customer Requirements | Siloed Risk and Compliance Processes | Using Spreadsheets

Commonwealth had been undergoing a two- to three-year process of transitioning from an MSSP to an in-house security program, applications, and cloud infrastructure. Along with these structural changes, the firm was phasing out its siloed GRC approach with a renewed focus on cyber risk. Commonwealth ran IT compliance and risk assessments on spreadsheets and needed a solution that automated the process and centralized all data, with the ability to standardize the program across the enterprise while quantifying cyber and IT risk. As it started on a maturity journey led by the CISO and InfoSec team, Commonwealth needed to integrate its systems using a flexible platform for more dynamic risk visibility and for cyber risk quantification with a model such as FAIR. In addition, the business needed to align with standards such as FFIEC, FINRA, NIST, and others as requirements came in, without performing another assessment project and adding redundant effort.


Unified Risk and Compliance Management | Assessment Automation | Agile, Real-Time Reporting

CyberStrong was able to tackle all of Commonwealth’s cybersecurity program priorities, beginning with the automation of risk and compliance assessments and standardization across business units in a single, flexible system of record. CyberStrong provides a holistic view of risk from the cybersecurity and IT perspective, breaking down the GRC silos that Commonwealth was trying to move away from through a robust feature set, integrations, and intuitiveness.

With the FAIR Model built into the platform, CyberStrong provides rapid risk quantification and displays a flexible view of the business’s mitigated, inherent, and residual risks. Using executive risk reporting, the CISO and Head of Information Security Risk can convey risk data upstream with Standard Risk Reports, Risk Assessment Reports, and Optimization Reports. Commonwealth can use the CyberStrong platform to create a comprehensive risk register to enhance risk tracking and foster a cohesive approach to cybersecurity.

CyberStrong’s NLP-backed crosswalking projects security posture data across frameworks, standards, or custom control sets, which solves the problem of redundant assessment projects across frameworks. InfoSec leaders can crosswalk across several regulatory standards, including those of the FFIEC and FINRA, to see current compliance posture results within seconds regardless of the control set, whether custom, voluntary, or regulatory.



Manual Spreadsheets for Assessments


Azure & Other Security Tools for Compliance Automation


Rapid Cyber Risk Quantification & Reporting
