Aboitiz Power: Powering Data-Driven Decisions - Safe Security
Introducing AI Vendor Risk Management at Gartner Security & Risk Management Summit   –  Learn More
close-icon

Aboitiz Power: Powering Data-Driven Decisions

quote Icon

Moving to SAFE was eye-opening for us. Before SAFE, we believed we were aligned with FAIR, but many of our assumptions remained obscure or understated. SAFE forced us to document every assumption through its structured data inputs explicitly. We dedicated time to meet with stakeholders across the business to capture this data, and while the process was rigorous, we are now incredibly confident in our results because the data came directly from the stakeholders themselves.

Alexander Antukh Alexander Antukh

Chief Information Security Officer

Industry

Utilities and Energy

Geography

APAC

Size & Revenue

4500+ Employees

$3.75B Gross Revenue

370%

Program Effectiveness

$1.6M+

Savings 

How Aboitiz Power Gained 370% Cybersecurity Program Efficiency with SAFE

Aboitiz Power, a leading global energy provider, faced a common cybersecurity challenge: measuring the risk of its complex environment through subjective assessments. For long-time FAIR advocate and CISO Alexander Antukh, the answer was clear. They needed to transition from qualitative health scores to financially backed metrics. The shift to SAFE One has enabled them to quantify top risks for each business unit, analyze cyber interconnectedness and lateral movement opportunities, and secure full budget approval for two consecutive years. Beyond this, Aboitiz Power also used SAFE to offboard low-ROI controls, optimizing costs while right-sizing the security of their critical infrastructure. 

Metrics

  • 11 cascading risk scenarios mapped for interconnectedness
  • 7+ core security systems integrated for continuous data feeds
  • 370% program effectiveness
  • $1.6M+ savings from right-sizing security controls

The Challenges

  • Subjective Assessments: The organization relied on static, consultant-led exercises and qualitative maturity models that lacked financial context.
  • Complex OT Environment: The team struggled to manage diverse risks across 12 business units with interconnected plants.
  • Budget Mandates: They had a mandate to reduce costs while simultaneously needing to onboard new initiatives.
  • Cascading Risks: It was difficult to quantify how a compromise at a smaller, isolated plant could serve as a pivot point to impact critical thermal facilities.

Why SAFE? Decision Making, Budget Optimization, and FAIR at Scale

Aboitiz chose SAFE to operationalize the FAIR framework, viewing the SAFE One Platform as the premier technology solution for implementing FAIR at scale. SAFE stood out for its ability to provide a continuous data feed via integrations, including OT monitoring. The “What If” functionality and Financial Impact Questionnaire (FIQ) were highly appealing, allowing the team to replace obscure assumptions with high-confidence, stakeholder-validated data that business leaders could trust.

“SAFE serves as our central repository for risk data that previously didn’t exist anywhere in the organization. FAIR is the way of thinking, and SAFE is the technological solution that allows us to actually implement and operationalize it.”

Alexander Antukh, CISO

The Moment of Truth

Aboitiz began its SAFE journey in late 2023, integrating core systems such as vulnerability management, OT security monitoring, and firewalls. The Moment of Truth arrived when SAFE empowered the team to identify and offboard low-ROI controls. They achieved cost savings by reducing redundant security at isolated plants while strengthening lateral movement protections to prevent cascading failures. Furthermore, by running “What If” scenarios, they visualized how proposed controls would change their security posture in business terms, leading to full budget approval for 2024 and 2025. 

The SAFE Solution

  • Data Accuracy: Worked with each business unit to capture accurate and reliable data for the Financial Impact Questionnaire, reducing assumptions and leading to more relevant outputs and higher stakeholder confidence. 
  • IT/OT Integration: Integrated SAFE One with IT and OT security signals, providing a unified view of risk across the entire enterprise. 
  • Granular Risk Modeling: Expanded from high-level assessments to detailed modeling of insider threats and interconnected attack paths to improve risk calibration.
  • Strategic Board Reporting: Leveraged SAFE’s financial risk language to present Annual Loss Expectancy (ALE) and ROI, enabling data-backed investment decisions.