About e2e Total Loss Vehicle Management
e2e Total Loss Vehicle Management [e2e] is a nationwide salvage and automotive recycling network made up of independent member organisations. The e2e network provides vehicle recovery, salvage and auction services to its motor insurer clients. All network members are certified to the VRA UK Standard for Reclaimed Parts and e2e provides clients with centralised access to over 500,000 reclaimed parts enabling them to cut motor claims repair costs, reduce their carbon footprint and give customers a positive and expedited claim experience. e2e secures and manages national motor insurance salvage contracts which are serviced collectively by member organisations; adhering to the network’s professional operational and service standards. A respected thought leader and industry voice, the network also provides a host of centralised, added-value services to its members.
Cyber Tzar Service overview
e2e utilizes the Cyber Tzar Risk Management platform to address their cyber risk challenges. They conduct weekly assessments of all websites, web applications, and external and internal infrastructure using the platform’s automated vulnerability scanner. They also benchmark themselves and their member organisations against each other, as well as against the broader marketplace and their direct competition. The recent CREST accredited “Pen Test as a Service” (PTaaS) offering provided them with a thorough and high-quality Security Assessment report. Additionally, the platform served as a system of record during their ISO 27001 accreditation process, demonstrating effective risk management and continuous scanning for new issues.
Notable observations and benefits:
- Comprehensive weekly assessments help identify and address vulnerabilities promptly.
- Benchmarking capabilities allow for comparison with member organisations and the wider marketplace, aiding in understanding their cyber risk posture.
- The Crest accredited “Pen Test as a Service” offering provided a deep and thorough analysis, ensuring the security of their systems and infrastructure.
- The Cyber Tzar Risk Management platform served as a system of record during the ISO 27001 accreditation process, demonstrating effective risk management and control to auditors.
- Accurate risk quantification through the risk matrix and risk group approach helps prioritize and address issues efficiently.
With Cyber Tzar, we have a systematic and proactive approach to managing our cyber risk, empowering us to understand, communicate, and enhance our security posture
What were your business challenges and how has Cyber Tzar managed to address these?
As the CTO ofe2e, we wanted to ensure we were clearly informed and expertly equipped in relation to managing our cyber risk and ensuring the security of our web applications, infrastructure, and data. Cyber Tzar has effectively addressed these requirements by providing a comprehensive suite of products and services tailored to our needs. Their platform allows us to conduct weekly assessments of our web assets and infrastructure, identify vulnerabilities, and prioritise remediation efforts. The automated vulnerability scanner and the thoroughness of the reports generated through the CREST accredited “Pen Test as a Service” offering have been invaluable in strengthening our security posture. With Cyber Tzar, we have a systematic and proactive approach to managing our cyber risk.
What business benefits has Cyber Tzar delivered?
Cyber Tzar has delivered several business benefits to e2e. Firstly, it has provided us with a clear understanding of our cyber risk posture through risk quantification and benchmarking features. Cyber Tzar are able to summarise and prioritise the issues found for effective communication of our cyber risk posture, lifting it up from the low-level technical detail that similar providers deliver. This has enabled us to make informed decisions and prioritize resources effectively. Secondly, the platform’s system of record functionality has helped us in maintaining our ISO 27001 accreditation by demonstrating our control over identified risks and continuous scanning for new issues. This has enhanced our credibility and trust with stakeholders. Lastly, the ability to conduct regular assessments and track security improvements over time has fostered a culture of proactive risk management, further reducing the likelihood of breaches and improving our overall security posture.
Are there any specific (quantifiable) results experienced to date?
Yes, using Cyber Tzar has led to specific quantifiable results for e2e. We have observed a significant improvement in our risk posture over time. Through the risk quantification and risk group approach, we can prioritize and address vulnerabilities effectively, resulting in a reduced number of high-impact risks. Additionally, by utilizing the platform’s change-over-time reports, we can track and measure the effectiveness of our remediation efforts and adapt to evolving threats. This has led to a measurable reduction in the number of vulnerabilities and an overall enhancement of our security posture.
Does the service and capability meet your original expectations?
Yes, the service and capability of Cyber Tzar have met and exceeded our original expectations. The platform provides a comprehensive set of tools and features that have empowered us to effectively manage our cyber risk. We can use the platform with our technology partners to continually manage vulnerabilities and risk. We now have a common language and approach to cyber security that helps us all work together. The automated vulnerability scanner, risk quantification, benchmarking, and the Crest accredited Pen Test as a Service offering, have all proven to be invaluable in strengthening our security posture. The platform’s intuitive interface and easy-to-consume infographics have made it simple for us to understand and act upon the findings. Overall, Cyber Tzar has provided us with a robust and reliable solution that aligns with our business needs.
Would you recommend Cyber Tzar to other companies?
Absolutely, I would highly recommend Cyber Tzar to other companies. The platform’s comprehensive suite of products and services, along with its user-friendly interface, make it an excellent choice for managing cyber risk effectively. The ability to conduct regular assessments, benchmark against industry standards, and track security improvements over time provides invaluable insights and has helped us stay ahead of potential threats. Furthermore, the platform’s integration with ISO 27001 accreditation requirements and the depth of the Pen Test as a Service offering, makes it a well-rounded solution for any organisation seeking to enhance its cyber risk management capabilities.
What are the next steps you envisage in your collaboration with Cyber Tzar?
In our collaboration with Cyber Tzar, we foresee expanding our usage of the platform and exploring additional features to further strengthen our cyber risk management. We plan to continue conducting regular assessments of our web assets and infrastructure to ensure ongoing security. Additionally, we are interested in leveraging the platform’s third-party risk management capabilities to effectively monitor and mitigate risks associated with our suppliers and supply chains. Furthermore, we would like to explore the Insurtech risk analysis feature to gain industry-wide insights and trends in cyber risk. We appreciate the value Cyber Tzar has brought to e2e and look forward to continuing our collaboration to enhance our cybersecurity capabilities.