IHG Hotels Customer Spotlight

quote Icon

We have a number of really good initiatives we would like to pursue right now but need help in better prioritizing them based on the positive impact to our risk profile.

David Jordan David Jordan

SVP & Chief Information Security Officer, IHG Hotels & Resorts

Hospitality

Data Ingestion

SME Informed (BISOs collected financial inputs through data gathering with business partners and leveraged HVA control assessments)

Use Case

Positive Business Outcomes

SAFE has added a new capability that has aided IHG in achieving their desired business outcomes, including the ability to understand and communicate top risks across IHG’s HVAs; the ability to cost-effectively allocate budget based on risk as part of the annual budgeting process; and the ability to drive selection of which risks tÍo treat based on risk quantification.

Before Safe

Before implementing SAFE, IHG had disparate services focused on identifying and managing risk, including performing manual assessments of their High Value Assets (HVAs) with data driven controls posture measurement for some systems. There was a separate threat intelligence process identifying risks that were not integrated with the HVA controls assessment process. IT risk measurement was a qualitative measurement of risk likelihood and impact with little quantitative data to support risk measurement.

After Safe

With SAFE in place, the IHG team can now perform quantitative risk assessments across HVA profiles to inform investment planning during their annual budget cycle. This was the primary goal of Information Security leadership when selecting SAFE and represents a significant maturity and efficiency gain for the team. The IHG team can also perform quantitative measurement of financial impact, to support quantitative measurement of risk impact, and of controls coverage and maturity, to support quantitative measurement of risk likelihood. Controls posture assessments are now updated regularly via systematic methods and API integrations from source systems, and top threat scenarios are assessed monthly in collaboration between Risk and Threat Intelligence teams at IHG.