Driving Innovation through Customer Feedback at MetricStream: A View from the CyberRisk Product Council

cyber risk 1.jpeg
3 min read


The cyber threat landscape is evolving at an unprecedented pace. Organizations today operate in an extremely hostile digital environment where cyber adversaries are on the constant lookout to exploit any gap or vulnerability. With the exploding number of cyber attacks, no organization can assume that they have an impenetrable cyber defense infrastructure.

What is required is a proactive approach to cyber risk identification and mitigation. So, how can GRC and IT Risk leaders take steps to assess, mitigate and prevent it?

It’s a topic I’m passionate about -- and I’m also passionate about customer feedback. Recently we had the opportunity to combine both. Here’s some of what we learned in this critical area

Customer Engagement via CyberRisk Product Council

We had the privilege of hosting our first IT and CyberRisk Product Council last month. It provided a terrific bird’s-eye view into what’s happening with our customers when it comes to IT and cyber risk.

The purpose of the session was to connect customers and MetricStream product leaders in an interactive dialogue around innovation and exploring questions such as: What’s working? What can we do better? What’s happening in your role and what are the challenges? How can we be most effective for you – now and into the future? What’s on the product roadmap?

We heard multiple themes – keep your product easy to use; collaborate across the enterprise; integrate data for visibility – but most of all, help us quantify risk.

Risk quantification is so critical today because it couches risk – especially, but not only, cyber risk -- in business and monetary terms. This helps security teams to better communicate the cyber risk posture to the management and the board in concrete and real terms, thereby unifying the leaders across the company around the value of cybersecurity investments. With better cyber risk insights and visibility, the decision-makers are empowered to prioritize cybersecurity investments and devise practical action plans.

During the council meeting, we discussed the importance of quantification and how to implement it. A large customer on the team has already implemented the FAIR+ model in conjunction with MetricStream’s IT and Cyber Risk solution. FAIR stands for Factor Analysis of Information Risk and is an international standard for quantifying cyber and operational risk, developed by the FAIR Institute.

Working together with MetricStream, this customer is now able to measure their information and cyber risk in dollar terms. The security team is better equipped to understand, quantify, and communicate their cyber risk posture to their board, as well as monitor their risk on a real-time basis.

We also discussed other product enhancements and shared the IT and cyber risk roadmap to help our customers benefit from AI-based recommendations and much more.

Above all, we had a chance to engage in an authentic conversation about customer needs, challenges, and pain points. While product council is far from the only time MetricStream communicates with customers – regular engagement and feedback sessions are critical to our mutual success -- there is something special about a session dedicated just to product innovation and feedback.

We had an honest, interesting, and exciting conversation about what’s necessary, what’s possible, and what’s next. The session was full of actionable ideas. It’s obvious why cyber risk ranks at the top of the board and C-suite priorities. Not addressing it is unthinkable, yet tackling it also can be overwhelming. We are so grateful to all of our MetricStream customers for their partnership in bringing innovative solutions to the market and extend a special thanks to the council as we all power what’s next.

Are you an IT and Cyber Risk customer who wants to have your voice heard? Please reach out to me directly at jbhowmick@metricstream.com. We’re adding to the council and have another session coming up soon. Have your voice heard!


Joy Bhowmick Senior Vice President, Product Development

Joy Bhowmick is Senior Vice President, Product Development at MetricStream, and has 20+ years of experience in leading institutional, retail, and commercial banking technology initiatives. He has delivered many solutions in Risk Management, Finance, Compliance, Cyber Security and Audit. He is known for his expertise in determining strategic financial direction, leveraging business and technical acumen to generate solutions for complex issues.

He specializes in championing strategic initiatives to deliver effective results, participating in critical decision-making processes while working proactively with cross-functional teams to drive competitive advantage. His mission is to stay committed to cultivating exceptional stakeholder relationships, meeting their needs and expectations at every step. His ability to provide exceptional service, resources, and methods to meet ever-changing objectives and ensure compliance with all regulatory requirements is what makes him the best at what he does.