Case Study

Cyber and terrorism converged risk assessment

Services involved:
Threat Assessment
Security Strategy Development

Our team was approached by a US state-wide transport and infrastructure provider to conduct a combined physical and cyber threat assessment. This was done to improve the client’s overall risk management and support the placement of insurance, by linking the approach to extant risk -management frameworks.

The assessment focused predominantly on critical terror and cyber threats, from both overseas organisations and domestic actors. After identifying the threats, we mapped these over to the clients assets, highlighting the applicable risks and enabling risk treatment.

This uncovered adversary methodologies that were previously unknown to the client, which included the ability to procure modified versions of industry specific equipment to cause damage. Such equipment would give adversaries an unexpected advantage over the client’s security, who were quickly informed of the problem.

This approach also enabled our consultants to understand where physical or cyber vulnerabilities could converge and be exploited to impact the company in either domain. This is critically important for companies where operational technology and assets are becoming integrated with IT systems. Finally, the team developed a risk treatment plan and provided recommendations on the risk transfer strategy of the organisation, reducing its exposure and contributing to a safer and more robust transport network.

Project leads
Adam Carrier
Head of Consulting
View profile
Max Richardson
Consultant, Crisis & Security Strategy
View profile


  • In depth analysis of physical security vulnerabilities an risk factors at all key sites.
  • Highlighted the criticality of vulnerable sites, enabling prioritisation of company assets.
  • Analysis of all relevant physical and cyber threat actors, and their most likely courses of action in the event of an attack.
  • A comprehensive risk treatment plan divided into strategic and site-by-site changes, including over ninety separate recommendations, including investment to maximise current security assets.
  • A quantification of cyber exposure, that allowed the company to adopt an appropriate risk transfer strategy and successfully obtain cyber insurance coverage in a difficult market.

Relevant case studies

View more projects we have completed for clients.

Active Threat Monitoring
Threat Intelligence
Threat Assessment

Contact us

We’re always keen to talk through problems – even if you don’t end up working with us.

Let us know your problem or situation and one of our consultants will get back to you and arrange a call.

Step one
You let us know what you or your team requires help with.
Step two
One of our consultants will arrange a meeting to find out more.
Step three
We outline how we can help you in a proposal.
Step four
If accepted, we begin providing you or your team with our solution.