About the author

Roland Thomas

Associate Director | Corporate Development

Roland is an Associate Director in Thomas Murray’s Corporate Development team. He joined Thomas Murray in 2018 with responsibility for group strategy, partnerships and corporate finance. More recently, Roland’s role has focused on establishing Thomas Murray’s cyber risk business, starting in 2021 with the launch of our Orbit Security platform, and the development of our expert cyber risk consultancy. Roland has a BA in English Language and Literature from Oxford University.

The cyber threat environment is changing all the time as criminals adopt increasingly sophisticated measures to counter your defences. The drive to stay ahead of threat actors is fuelled by the need to demonstrate operational resilience.

Here’s a quick guide to what you should look for in your cyber security toolkit, and how to use it to adopt the MARM approach: Monitor, Assess and Remediate, Manage.

Problem: You don’t have real-time information about your attack surface 

This is the problem that gives rise to a host of other problems, so it’s one of the first to address.

Point-in-time analysis of your risk environment is static, and only helpful in piecing together what has happened in the aftermath of an incident. In a world of constantly increasing cyber attacks, it’s more than likely that your IT security team is juggling multiple tools in an effort to build something that is only ever, at best, an approximate picture of your ever-growing attack surface.

Compounding the problem is the fact that, as your organisation grows or adopts new ways of working, you are vulnerable to attack through avenues you may not even know about. This is true even before you consider the limited visibility you have over the third-party risk you’re exposed to through your organisation’s relationships.

It is hard for you and your team to know where to focus your time, because on top of these day-to-day issues you are also expected to deal with increased regulation and a growing demand from senior leadership and other stakeholders for more transparent reporting.

Solution: Monitor – Assess and Remediate – Manage

With Orbit Intelligence, you can capture your risk landscape and pull together insights from across the platform. Rather than a suite of products, you can have a single hub that provides you with all of your risk analysis reports, current data and news about your portfolio of monitored organisations.

From this starting point, you can easily adopt the MARM approach: Monitor – Assess and Remediate – Manage.

  • Monitor

You need to be shown a real-time live feed of your attack surface, which is constantly growing and therefore needs continuous monitoring. A static snapshot is no longer fit for purpose.

Instant insights into the security of your organisation – as well as that of all of your third parties – will arm your security and risk management teams with the information they need to start reducing your vulnerabilities before they are exploited by a malicious actor.

  • Assess and Remediate

Your cyber security tools should provide you with risk assessments – not just of your own level of risk, but also of that of your third parties and vendors.

Look for a solution that allows you to compare vendors and provides customised benchmarking and security questionnaires that you can tailor to your own needs, while also providing a standardised framework for your respondents.

Built-in remediation workflows and domain and SSL certificate reminders will address and prevent foreseeable risks.

  • Manage

Use reporting and insights to strengthen your approach and create a culture of data and cyber security across your organisation:

Management reporting

Our security risk ratings present complex information in a way that’s easy for both stakeholders outside your team and senior management to understand, allowing you to communicate clearly and effectively what your security pain points are and what resources you need to address them.

Vendor risk reporting

You will be instantly notified if one of your third parties has its security rating downgraded. Ongoing monitoring of your threat environment will also strengthen the security of your third parties, as you will consistently be keeping them accountable. This further minimises your overall third-party risk.


How we can help

Our leading cyber security solutions are ideal, whether you’re looking to protect your own organisation, manage third-party risk or demonstrate compliance with the regulatory requirements in your industry. Find out more about how we can help you to overcome your cyber security challenges.


Contact an expert

Roland Thomas

Associate Director | Cyber Risk