Victoria’s Secret: Pioneering the Future of Cyber Risk Management

quote Icon

As a cybersecurity executive, I’ve seen numerous tools and heard many promises of bringing together telemetry from all components of our cybersecurity tech stack. Partnering with SAFE, I am excited to see how the platform is tackling the complexities we deal with as risk professionals. The SAFE platform transforms how we measure, prioritize, and communicate risk. We now have better tooling that enables us to see a continuous picture of our risk landscape to support data-driven decision making.

Mark Tomallo Mark Tomallo

SVP, Chief Information Security Officer

Retail

Data Ingestion

Use Case

Unveiling a New Era of Cybersecurity Risk Management

For a brand as iconic as Victoria’s Secret & Co., maintaining a strong sense of security is vital. They understand the world of cyber threats is constantly evolving, and they need a more dynamic approach to risk management. To address this need, Victoria’s Secret & Co. became a key design partner in the development of the FAIR Control Analytics Model (CAM). This collaboration has been transformative for both companies, shifting risk management from manual, complex estimations to one of automated, data-driven insights-a major step forward in cyber risk management.

Challenges

  • Overcome Slow, Inefficient Risk Assessments: Transitioning from lengthy, estimation-based processes to faster, automated analysis.
  • Achieve Comprehensive Risk Visibility: Gaining a granular, real-time view of risks across all business lines, replacing limited, point-in-time snapshots.
  • Adapt to Evolving Cyber Threats: Moving from static assessments to dynamic, continuous monitoring to stay ahead of the changing threat landscape.
  • Enable Data-Driven Security Decisions: Shifting from estimations to quantifiable data to inform IT investments and demonstrate proactive risk management.

Catalyst to Evolve

Prior to implementing SAFE, Victoria’s Secret & Co. relied on traditional risk assessments, a process that was both time-consuming and limited in scope. These assessments often took months to complete, relying heavily on estimations and considering only a limited set of controls. This approach provided a snapshot of risk at a specific point in time, lacking the continuous monitoring and dynamic analysis needed to keep pace with the ever-changing threat landscape.

“As a cybersecurity executive, I’ve seen numerous tools and heard many promises of bringing together telemetry from all components of our cybersecurity tech stack.”

Mark Tomallo, SVP, CISO

CRM Program Transformation

The implementation of SAFE, and their participation as a design partner for FAIR-CAM, has allowed Victoria’s Secret & Co. to increase speed of analysis and move from using a limited control set customized for individual scenarios, to using 68 different controls to assess many scenarios at once. The ability to view the environment across different business lines allows them to highlight the areas of greatest risk and prioritize remediation efforts effectively. This granular visibility has also enabled them to conduct in-depth assessments, understanding the impact of making changes to information technology.

Business Outcomes

The partnership with SAFE has yielded significant positive business outcomes for Victoria’s Secret & Co.:

  • Enhanced Analysis for Cyber Insurance Renewal: SAFE has significantly enhanced the risk analysis for the annual cyber insurance renewal, allowing Victoria’s Secret & Co. to analyze more scenarios. The platform provides clear, quantifiable data that demonstrates their proactive approach to risk management.
  • Data-Driven Decision Making: The shift from estimations to data-driven insights has empowered Victoria’s Secret & Co. to make more informed decisions about their information technology investments. They can now prioritize resources based on quantifiable risk, maximizing the impact of their security spend.
  • A Foundation for Future Innovation: Victoria’s Secret & Co. is already planning to expand their use of the SAFE platform into other cybersecurity use cases, including potentially AI risk management. This forward-thinking approach positions them as a leader in cybersecurity innovation.
  • FAIR Leadership Recognized: The CISO of Victoria’s Secret & Co., a long-time advocate and early adopter of the FAIR methodology, was recently recognized as the FAIR Business Innovator of 2024, a testament to the company’s commitment to advanced risk quantification.

“Partnering with SAFE, I am excited to see how the platform is tackling the complexities we deal with as risk professionals.”

Mark Tomallo, SVP, CISO

With SAFE

Victoria’s Secret & Co.’s groundbreaking work with SAFE demonstrates a commitment to not only protecting their brand and customers but also to pushing the boundaries of cybersecurity risk management. They are setting a new standard for the industry, proving that data-driven insights and automation are the keys to navigating the complex and ever-evolving threat landscape. Their partnership with SAFE showcases how innovative technology and forward-thinking leadership can transform cybersecurity from a reactive necessity to a proactive business advantage.