Skip to main content

“If I were to recommend Thomas Murray to my peers, I would point to their expertise, comprehensive service offering and genuine global perspective in bolstering cyber security measures for organisations.”

Suzette McNaught, Information Technology Manager, Jamaica Stock Exchange


At a glance

  • The Jamaica Stock Exchange (JSE), founded in 1969
  • Mandate to mobilise capital to facilitate growth and development in Jamaica
  • Actively uses Orbit Security to monitor its attack surface and identify vulnerabilities
  • Within one year, improved its security rating by 45%

The challenge 

The Jamaica Stock Exchange (JSE) is the only stock exchange in Jamaica, with a primary mandate to mobilise capital to facilitate the growth and development of companies, thereby contributing to the Jamaican economy. JSE is central to promoting growth and transparency in the market, while ensuring that the stock market and its member-dealers operate to the highest standards. With a market capitalisation of US$12bn spread across 99 listed companies, the JSE plays a pivotal role in the financial landscape of Jamaica.

Recognising the critical role of cyber security in organisations and to the development and growth of the Jamaican economy, the JSE’s dedicated security team of experts work continuously to ensure the security of the stock exchange. Their efforts are aimed at strengthening defenses to protect sensitive company and investor data, ensuring operational resilience, and maintaining the market’s reputation.

Seeking to enhance its cyber security posture, the JSE sought assistance from Thomas Murray to implement a robust solution for monitoring its attack surface and strengthen its public-facing security profile. In line with its commitment to international benchmarking, the JSE sought to integrate additional Key Risk Indicators (KRIs) from a reputable global cyber security service provider. Most importantly, the JSE wanted a solution that would continuously adapt to the evolving threat landscape, automatically detecting emerging threats that could impact the stock exchange and its subsidiaries.

Our solution

JSE’s IT Security team undertook a short trial, testing the product’s scope, usability, and relevance to its organisation, with particular reference to the accuracy, timeliness, and relevance of the threat intelligence. Following the trial, JSE subscribed to the Orbit Security platform to monitor its attack surface on a multi-year basis.

The results

145 Active sessions on Orbit Security


Active sessions on Orbit Security

45% Improvement to its cyber risk rating


Improvement to its cyber risk rating

Better cyber risk rating than 93% of exchanges and CSDs globally


Better cyber risk rating than 93% of exchanges and CSDs globally

Within one year, JSE has demonstrated ROI with a 45% improvement to its overall Orbit Security rating following 145 active sessions on the platform.

JSE’s IT Security team has been able to escalate and remediate every high-risk issue identified by the Orbit Security platform within the first year of its subscription. The team has engaged with Thomas Murray’s threat intelligence team to discuss more complex issues facing its organisation, combining context and deeper threat intelligence research to agree next steps. JSE has been able to get ahead of emerging issues to maintain a high Orbit Security score – scoring better than 93% of stock exchanges and CSDs globally – as well as a robust security posture. 

“Orbit Security is a sophisticated product. Its machine learning algorithm monitors our external attack surface with impressive accuracy, and the quality of the threat intelligence we receive regarding breaches and vulnerabilities is first-rate. We have access to genuine expert insight from Thomas Murray’s threat intelligence team. They have helped us to contextualise and remediate several issues and have in turn taken our insight and feedback seriously, which contributed to changes in the Orbit Security solution. If I were to recommend Thomas Murray to my peers, I would point to their expertise, comprehensive service offering and genuine global perspective in bolstering cyber security measures for organisations.”

Suzette McNaught, Information Technology Manager, Jamaica Stock Exchange

Orbit Security

Orbit Security

Security ratings for enhanced attack surface management and third party risk. Monitor for breaches and vulnerabilities that could be exploited by threat actors.

Learn more

Director of a Major Middle Eastern CSD

“The evaluation is very beneficial not only for our IT Security team but for the company as a whole. As CSDs we have to be as prepared as we can be against cyber risks, so Thomas Murray’s new initiative will be a golden key for that.”

Director of Cyber Security, Latin American financial institution

“The tool is good for us to identify cybersecurity risks to which our domain and its sources are exposed, as well as how to mitigate them.”

Head of Network Management, a European Bank

“Thomas Murray provided information we do not get by any other means today. It’s very useful. The tool is impressive and a nice answer to a problem in the banking industry: how do you manage a large network of service providers, distributors, partners and other third parties without costs creeping up? Cyber is going to be on the agenda for years to come and this tool is going to help us to keep ahead of our third-party risk management requirements.”

Cyber Specialist, third-party risk management at a US bank

“Responses to cyber questionnaires can be very PR-focused, and it’s difficult to get transparency. Security ratings cut through poor response rates to provide a health check based on objective, verifiable public data. We have integrated Thomas Murray’s cyber risk ratings and threat intelligence into our monitoring of agent banks and CSDs globally, and are looking to add additional groups from across the bank.”

IT Security Officer at a Central European bank

“The tool is well-designed and very user-friendly. Monitoring service providers and other third parties’ cyber risk is going to become a regulatory imperative soon; right now it is best practice and something banks should be looking at. Thomas Murray’s platform is great for monitoring our third parties, particularly those who are not very transparent in their DDQ responses. We really like the ability to benchmark our bank and our service providers against like-for-like peers and competitors, this is really important.”

CISO responsible for TPRM at a Global Bank

“The established US threat intelligence providers are expensive and only part of the puzzle. Thomas Murray’s new platform is a very, very good tool for managing our third parties – it is fully automated and isn’t ‘noisy’, which can become a serious relationship issue with some providers. My team really likes the look and feel of the platform as well as the clarity of thought that has gone into making this tool.”

IT Security Specialist of a Swiss financial institution

“Thomas Murray Cyber Risk is a great complement to the tools we use today. It provides much more comprehensive information around the vulnerabilities in our IT infrastructure – and particularly has a lot more details about breached employee emails and passwords than other providers. This is extremely helpful as it allows us to contract those employees with specific, actionable intelligence, and so that we can improve the email behaviour of all staff.”

CISO of an African financial institution

“The tool is very interesting. It gives us the capability to be proactive, rather than reactive, about building the security of our core infrastructure. We are a regulated company and subject to military surveillance by our government; Thomas Murray’s tool used ethical and indirect methods to discover every week the vulnerabilities that we would normally identify during our annual penetration testing.”

Head of IT Security of a Latin American stock exchange

“The Cyber Risk platform is more complete than our existing vulnerability scanning, and we will use it to either replace or complement it. The benchmarking in particular is extremely useful.”

Director of a large Turkish financial institution

“We have been able to make major improvements to our critical applications since using the tool, increasing our score and identifying further action points to stabilise our overall rating in future. Thomas Murray has enabled us to improve our internal processes as well, by pulling together all the necessary threat intelligence feeds so that my team can focus on implementing the findings, instead of gathering the data.”

CISO, Global Custody Bank

“Thomas Murray Cyber Risk’s approach is sophisticated. Its machine learning algorithm identifies our third parties’ public IT infrastructures with huge accuracy and requires no manual intervention. We feel we can place reliance on the ratings to build a robust third-party risk management framework. The solution was new to us, but the scope and accuracy of the data is better than anything I have seen in the market.”

Head of Network Management, Global Custody Bank

“In the past, we only had occasional contact with our IT Security team, who helped to validate the responses to some DDQs [due diligence questionnaires]. Recent regulations and geopolitical events demonstrated to our bank the need to monitor the cyber risk of our post-trade counterparties around the world. Thomas Murray has been instrumental in developing such a programme for us, and in bringing Network Management and IT Security together."

Contact an expert

Robert Smith

Robert Smith

Head of SaaS Sales and Customer Success 

Roland Thomas

Roland Thomas

Associate Director | Cyber Risk