European Investment Bank: The Creation of a Methodology to Identify Cyber Security Related Investments

EU

Challenge

The European Investment Bank required help to formulate a way of identifying the parts of projects, which can be considered to be ‘cybersecurity’ related, and to quantify those parts.

The main goals of the assignment were the following:

  • To undertake a review of the EIB’s sectoral notes that establish which types of cybersecurity related investments are eligible on the basis of the sectoral lending policies.
  • To refine the thinking/approach outlined in the notes, based on NRD Cyber Security’s experience in cybersecurity and propose an alternative approach if appropriate.
  • To quantify cybersecurity related investments for each project type in the different sectors and provide a methodology that could also be applied to other financiers and project promoters.
  • To confirm quantified figures through a targeted project promoter engagement, which will be managed by the Bank and by one or two other potential financing institutions.

Solution

NRD Cyber Security developed the following:

  • An approach for identifying cybersecurity related investments for each project type in the different sectors.
  • A report showing the cybersecurity related components of investment projects and their costs.
  • A definition of the most suitable metrics, and default values of cybersecurity related investments for each project type in the different sectors.
  • A final report based on the findings and conclusions of the assignment.

Other stories

CyberSOC managed SOC services in the Bank of Botswana
CyberSOC managed SOC services in the Bank of Botswana
Natrix and CyberSet deployed for CSIRTMalta
Natrix and CyberSet deployed for CSIRTMalta
Natrix threat monitoring platform for Egypt's financial sector
Natrix threat monitoring platform for Egypt's financial sector
Assessment of the technical and organisational security defences for the Central Bank of Botswana's infrastructure
Assessment of the technical and organisational security defences for the Central Bank of Botswana's infrastructure
Assessment of the technical and organisational security defences for the Bank of Guyana's infrastructure
Assessment of the technical and organisational security defences for the Bank of Guyana's infrastructure
Sectorial CSIRT for energy sector in Kosovo
Sectorial CSIRT for energy sector in Kosovo
Cybersecurity Fusion Centre Capacity Building for the Central Bank of Nigeria
Cybersecurity Fusion Centre Capacity Building for the Central Bank of Nigeria
Assessment of readiness for financial CSIRT build-up at the Reserve Bank of Malawi (on-going)
Assessment of readiness for financial CSIRT build-up at the Reserve Bank of Malawi (on-going)