Overview

As a Fortune 1000 enterprise, Generac has manufactured backup power generation products for residential, commercial, and industrial markets. Generac was the first to engineer affordable home standby generators and is now the top manufacturer of home backup generators. Generac has worked with the US Department of Energy on several initiatives to increase access to energy resilience in communities across the country with installations of solar panels and improved grid flexibility. 

Challenge

Complex Compliance Requirements Across Subsidiaries  |  Reactive Assessments and Reporting  | Lack of Risk-Based Approach

Generac’s team used spreadsheets to track risk and compliance across 15 to 20 subsidiaries. This approach led to several workflow inefficiencies and duplicate efforts for the small team. Since this approach was largely manual, the team could not glean real-time updates on control failures and accurately assess the risk posture across the subsidiaries. With several subsidiaries to track in addition to Generac’s own cyber risk posture, Generac’s security leaders needed a flexible solution that could be implemented across different units for accurate cyber risk assessments while compiling and centralizing all the data in a single risk repository.

Generac’s team needed a solution that could replace manual efforts with automation to focus its efforts on proactively managing cyber risks, holistically assessing its cyber risk posture, and reporting on control changes in real-time. 

Solution

Agile Assessments and Reporting  |  Rapid Cyber Risk Quantification  | Fully Integrated Risk, Benchmarking, and Compliance Strategy

With CyberStrong, Generac’s team can connect control, risk, and financial data to holistically visualize and assess the organization’s cyber risk posture. The team leverages the CyberStrong Risk Register to track and manage NIST CSF maturity for the organization and track compliance with ISO 27001 for its affiliates. Control groups are tied to risks in the Risk Register so that when a control score changes, not only do users get alerts, but their risk posture also automatically updates. This level of control data granularity will enable the team to rapidly respond to emerging risks. From the populated data in the risk register, the team can perform cyber risk quantification (CRQ) using cyber risk quantification (CRQ) to determine the potential financial loss and impact based on historical cyber loss data.

By quickly implementing CRQ, Generac’s CISO and Cyber Director can present cyber insights in financial terms during key leadership and Board discussions to impact decision-making meaningfully and allocate resources for security initiatives. Generac’s team will roll-up risk and compliance data into a centralized dashboard for real-time cybersecurity trend visualization, and point-in-time reporting. This empowers Generac’s team to proactively assess their cybersecurity posture, identify gaps, and ultimately mature their overall cyber risk management program.