GRC Viewpoint

KDM Analytics: Taking Cyber Risk Assessment to the Next Level through Elimination of Manual Risk Assessment


Co-Founder & Chief Executive Officer, KDM Analytics


An essential component of every organization’s risk management plan is the assessment of cyber risks. The tech world still has some reliance on manual cyber risk assessment strategies. However, the risk impact assessment carried out manually is hardly error-proof.


Manual cyber risk assessment always carries a risk of being inconsistent. The results of evaluations may vary slightly as different assessors get involved in the process, and separate evaluations performed by a single assessor can also include discrepancies. Humans are prone to errors. An assessor may be unaware of a critical vulnerability or make mistakes in their assessment, leading to false positives or negatives. Furthermore, an assessor can only evaluate a limited number of systems or components at a time, leaving blind spots in the organization’s security posture. Manual assessment is also expensive, time-consuming, and labor-intensive.

Cyberattacks could disrupt critical systems and wreak havoc on civilian and governmental infrastructure, harming the state and possibly claiming lives. Many cyber-attacks have been the fundamental cause of data loss. Many organizations have been the victims of reputational loss. KDM Analytics is exceptionally focused on altering the scenario by eliminating the need for manual risk assessments. “Our automated cybersecurity assessment solutions can help deal with these challenges by providing a fast, systematic, comprehensive, and standard-based approach that is repeatable and highly customizable. As a direct impact, organizations are allowed to increase the scope, decrease costs, budget, time, and labor, and eliminate human errors and inconsistencies with our approach,” says Djenana Campara, CEO.

Clients of KDM Analytics find it easy to detect, measure, and prioritize the risks related to their technological infrastructure using automated solutions. Customers can leverage proper mitigating controls to protect their systems and data from online dangers. In addition, public safety and emergency management organizations may efficiently manage cybersecurity threats by automating the process, allowing them to concentrate on their primary goal of ensuring public safety. By leveraging a solution that has been successfully implemented in the defense industry, KDM Analytics can customize the existing knowledge base to meet the unique needs of any industry.


KDM eliminates human errors for accurate and consistent assessments. A direct impact of these efforts would reflect on the decisions and effectiveness of security programs. “We identify and prioritize the most significant risks, allocate resources more effectively and focus on addressing the most critical threats. A systematic approach allows stakeholders to track progress and understand how risk is being managed. This helps build trust and confidence in the organization’s security posture. Finally, we ensure our clients meet regulatory requirements effectively. As a result, expenditures due to fines and penalties are quite less,” says Dr. Nick Mansourov, CTO.


Offenders often succeed in cyber-attacks due to their willingness to share knowledge and collaborate, while defenders prioritize protecting their intellectual property and monetizing their solutions. A viable approach is to establish standards that enable defenders to leverage shared expertise and insights while safeguarding their profits. By implementing standards-based solutions, organizations can integrate with other platforms and exchange information with third-party solutions. All solutions offered by the firm are based on several standards. This is a focus of KDM Analytics, as its members are active in standards organizations and are a driving force for some of the standards in the cybersecurity field.


Conventional GRC assessment methods demand significant manual labor and specialized expertise. The majority of GRC technology has primarily supported these manual processes. Only in recent years, with the arrival of mainstream Machine Learning and AI, have organizations started to offer automated solutions for GRC. Automation is the core aspect of all the activities at KDM Analytics. Some KDM customers’ initial skepticism was overcome only when “a smoking gun” was discovered, unfortunately after a cyber incident occurred. This was the exact situation of one client in particular: once the incident was resolved, the customer evaluated the system using the KDM solution. The assessment results highlighted the specific issue as a significant concern, even though it had not been identified during the original manual assessment conducted before deployment.


“Our plan for the future is to seek partnerships and collaborations with experts who possess the specific domain knowledge required to address the needs of these industries,” concludes Campara.