Acupay Cybersecurity Program Results

This article continues last month’s discussion on Acupay Cybersecurity Challenges, Solutions, and Results. 

In our previous newsletter, we addressed the challenges Acupay faced in implementing a comprehensive cybersecurity program, including scope, organizational and human factors, regulatory requirements, and resource limitations. We also outlined the solutions designed to overcome these obstacles. 

Implementing these solutions required focus, persistence, and continued investment, along with valuable support from vendors, contractors, and service providers. Building Acupay’s cybersecurity foundation has been a multi-year journey, marked by significant milestones such as improved risk assessment outcomes and achieving the SOC 2 Type II certification. 

The SOC 2 Type II audit marked a critical step in demonstrating not just foundational cybersecurity but also maturity. This achievement instils greater confidence among our users and clients in our cybersecurity posture. Working with an external auditor to meet industry-standard criteria challenged us to implement new controls and enhance existing ones, showcasing our progress and rewarding our collective efforts. 

Another key metric of our progress came from BitSight, which assigned Acupay a cybersecurity rating of 780 out of 900—an advanced score that places us ahead of 95% of the financial services industry. This represents a dramatic improvement from our initial rating, which was below 600 just a few years ago. 

Additionally, our annual penetration testing provided further validation. For the sixth consecutive year, we received attestation that Acupay’s systems are secured in alignment with industry best practices—an essential goal of our program. 

We’ve learned that building a robust cybersecurity ecosystem is an ongoing process. It requires time, structured efforts, and adaptability to evolving risks, technologies, and regulatory demands. While the journey continues, we are proud of the significant progress we’ve made and remain committed to ongoing improvement. 

Cybersecurity is never static; it’s a continuous effort to protect our systems, adapt to change, and stay ahead of emerging threats.