Co-Founder and Chief Executive Haydn Brooks

Finalist in the ‘Most Innovative New Technology of the year’ category in this year’s Water Industry Awards, cyber security firm Risk Ledger is already a winner in many respects.

The Northumbrian, Welsh, Affinity and South East water companies are already using Risk Ledger’s innovative platform – giving them access to the crucial data they need to secure their supply chains – and some of the other ‘big five’ are about to sign on the dotted line too.

Co-Founder and Chief Executive Haydn Brooks, who was included on Forbes’ recent 30 Under 30 business leaders to watch out for list, said: “Our third-party risk management network helps clients improve the cyber resilience of their supply chain at a time when the threat of attack has never been greater – you need only look at the massive supply chain cyber-attacks on Microsoft’s Exchange Mail Servers and Solarwinds’ Orion network monitoring software for evidence of that.

“Third-party cyber risk management was identified as one of the key focuses for the industry in the UK Water Sector Cyber Security Strategy 2017-2021, so it’s no surprise this has filtered through to the awards ceremony.”

Having graduated from Imperial College London in 2014, Haydn was working on client-facing teams at KPMG and Deloitte when he came to understand the magnitude of the cyber threat to industry supply chains.

“There were two big problems,” he said. “Firstly, supply chains were getting more complex as they went through digital transformation and began working with more third parties, and secondly supply chain cyber-attacks were becoming more and more efficient whilst the traditional defences became less and less effective.”

At the heart of Risk Ledger’s unique solution is a digital network that gives clients the tools to quickly assess the cyber maturity of their suppliers on the platform while making it free and easy for those suppliers to respond to due diligence requests from multiple clients.

Would-be service commissioners in information security and procurement teams can see – quickly and easily – exactly what their third parties are doing to protect themselves and therefore anybody they work with.

Haydn said: “Now we have just over 1000 suppliers on the platform, a new client can join the Risk Ledger platform and within a matter of hours, access consistently updated data about how their suppliers manage cyber security risks on a control-by-control basis.

“This type of supply chain visibility at speed and at scale isn’t possible in any other way.”

“Previously, completing that sort of verification process would have taken months for just a small percentage of the supply chain.”

A key feature is the move away from data collected at a moment in time. Rather than having to update data annually, which is the norm using traditional methods, Risk Ledger does it continuously, monitoring every supplier’s risk controls and providing clients with that data – eliminating the time and cost of annual reviews.

In turn, an accurate picture of the supply chain is available at any point in the calendar, allowing procurement and information security teams to map and identify potential risks in their supply chain, and act accordingly.

“Current third-party risk management methods are so slow and costly, businesses can’t effectively run this important process,” he said. “As a result, we’ve had tremendous take-up at Risk Ledger because, as people often tell us, they have not seen an approach like ours on the market before.

“It comes into its own when we look at critical national infrastructure, such as in the water, energy and telecoms industries, and continuous cyber protection is crucial – where the success of an attack on a supplier can take out a whole critical industry.

“Our platform gives clients the ability to check how their suppliers are actively governing security and to collaborate with them to improve where necessary.”

Haydn worked out of his bedroom for the first six months of Risk Ledger’s existence in 2018. Today the company has an office in London, 15 members of staff (a number he plans to nearly double this year), a string of clients predominantly across the UK and Scandinavia, and a list of over 1000 registered suppliers from 25 countries … and rising!

or tel. 020 3488 5800