WATCH
Predictive risk intelligence. Know before it happens.
AI-powered predictive engine that surfaces risk probabilities before incidents materialise. Incident likelihood prediction analyses historical patterns, control posture, and threat intelligence. SLA breach prediction warns when remediation timelines are at risk. Control failure prediction identifies controls likely to drift. Vendor disruption prediction flags supply chain concentration risks.
What you get
Incident Likelihood Prediction with Confidence Scores
Analyses historical incident patterns, current control posture gaps, threat intelligence indicators, and vulnerability exposure to calculate incident likelihood probabilities across different incident categories. Each prediction includes a confidence score reflecting the model's certainty and the data signals contributing to the assessment, enabling risk managers to prioritise preventive action on high-confidence, high-probability predictions.
SLA Breach Probability Forecasting
Monitors active remediation tasks, vulnerability SLAs, and compliance deadlines to predict which items are likely to breach their SLA based on current velocity, assignee workload, and historical completion patterns. Predictions surface 3-5 days before projected breach, giving managers time to reallocate resources, escalate, or negotiate deadline extensions before SLA violations occur.
Control Failure Risk Detection
Identifies controls that are likely to drift into failure based on evidence freshness trends, review cycle adherence, and historical failure patterns. When a control's evidence collection has been consistently delayed over the past three cycles, WATCH predicts the control is at risk of failing its next review and alerts the control owner to take preventive action.
Vendor Disruption Early Warning
Monitors vendor risk signals including financial stability indicators, security posture changes, regulatory enforcement actions, and news sentiment to predict which vendors are at elevated risk of service disruption. Early warnings are correlated with your vendor dependency map to quantify the business impact of a potential disruption, supporting DORA Article 28 ICT third-party risk management.
Risk Distribution Radar View
Visualises predicted risk concentrations across multiple dimensions — by asset category, vendor, geographic region, framework, and time horizon — in a radar view that highlights where risk is clustering. The radar view enables pattern recognition that individual risk metrics cannot provide, revealing systemic risk accumulation before it manifests as incidents.
One-Click Arena Simulation from Any Prediction
Any WATCH prediction can be instantly escalated to a Fortis Arena simulation for deeper quantitative analysis. A vendor disruption early warning can be simulated in Arena to quantify the financial impact, explore cascade dependencies, and evaluate mitigation strategies — creating a seamless workflow from predictive signal to quantified risk scenario.
How it works
System Analyses Signals Continuously
WATCH continuously ingests signals from across the FortisEU platform — incident history, vulnerability trends, control posture, evidence freshness, vendor risk scores, and threat intelligence — processing them through predictive models that identify patterns preceding adverse events.
Predictions Surface
When predictive models identify elevated risk, predictions are surfaced with probability scores, confidence levels, contributing signals, and recommended preventive actions. Predictions are categorised by type (incident, SLA breach, control failure, vendor disruption) and prioritised by probability and potential impact.
Review Probability & Impact
Risk managers review surfaced predictions, examining the underlying signals and confidence scores. High-confidence predictions with significant potential impact are flagged for immediate action, while lower-confidence predictions are monitored for signal strengthening over time.
Take Preventive Action or Simulate in Arena
Based on prediction review, managers either take direct preventive action (reassign resources, escalate remediations, adjust controls) or escalate to Fortis Arena for quantitative simulation of the predicted scenario. Preventive actions taken are tracked and correlated with prediction outcomes to improve model accuracy over time.
Built for your team
Proactive Risk Management & Board Communication
The CISO uses WATCH predictions to shift from reactive incident response to proactive risk prevention. Weekly risk briefings highlight emerging risk concentrations and predicted incidents before they materialise, enabling the security team to take preventive action. Board reports include prediction accuracy metrics demonstrating that the security team is identifying and mitigating risks proactively, satisfying NIS2 Article 20 management body oversight requirements with forward-looking risk intelligence rather than backward-looking incident reports.
Incident Prevention & Resource Allocation
The SOC Lead monitors incident likelihood predictions to allocate team resources toward the highest-probability threat categories. When WATCH predicts elevated ransomware likelihood based on vulnerability exposure patterns and threat intelligence indicators, the SOC Lead can pre-position detection rules, verify backup integrity, and brief the response team before an incident occurs. Historical prediction accuracy data helps the SOC Lead calibrate team response to different confidence levels.
Predictive Risk Mitigation & SLA Management
The risk manager uses SLA breach predictions to intervene before remediation deadlines are missed, reallocating resources from lower-priority tasks to at-risk items. Control failure predictions enable proactive evidence collection and review scheduling before controls drift into non-compliance. The risk manager tracks prediction outcomes to build an evidence base demonstrating that WATCH-driven preventive actions measurably reduce incident frequency and SLA breach rates.
Supports your compliance stack
Common questions
What methodology do the prediction models use?
WATCH's prediction models combine time-series analysis of historical patterns, anomaly detection on current signal deviations, and Bayesian inference for probability estimation. Models are trained on your organisation's historical data including past incidents, control failures, SLA breaches, and vendor disruptions. Predictions are not black-box — each prediction includes a transparency report showing which signals contributed to the assessment and their relative weights, enabling risk managers to validate the model's reasoning and override predictions when human context indicates the model has missed relevant factors.
What data inputs drive the predictions?
WATCH ingests signals from across the FortisEU platform including incident history and patterns, vulnerability counts and remediation velocity, control evidence freshness and review adherence, vendor risk score trends, threat intelligence feeds, SLA compliance history, and user behaviour analytics. External signals include industry threat intelligence, vendor financial stability indicators, and regulatory enforcement patterns. The breadth of input signals enables cross-domain pattern recognition — for example, correlating increasing vulnerability counts with slowing remediation velocity to predict SLA breaches before individual metrics trigger alerts.
What are the false positive rates for predictions?
False positive rates vary by prediction type and data maturity. After 6 months of operational data, incident likelihood predictions typically achieve 70-80% precision (true positive rate) at the high-confidence threshold. SLA breach predictions achieve higher accuracy (85-90%) because they are based on more deterministic signals — task velocity and deadline arithmetic. Control failure predictions achieve 75-85% precision based on evidence freshness trends. All predictions include confidence scores that enable managers to filter for high-confidence predictions only, effectively controlling their own false positive exposure based on organisational risk tolerance.
How does WATCH integrate with Fortis Arena simulation?
Any WATCH prediction can be escalated to Arena with a single click, pre-populating the Arena simulation with the prediction's parameters, affected assets, and contributing signals. For example, a vendor disruption early warning for a critical SaaS provider can be instantly modelled in Arena to quantify the financial impact across a range of disruption durations, evaluate cascade effects on dependent assets, and compare mitigation strategies. This integration creates a continuous workflow from early warning signal through quantitative impact analysis to informed risk decision, aligned with DORA Article 24 digital operational resilience testing requirements.
How does prediction accuracy improve over time?
WATCH implements a continuous learning loop where prediction outcomes are tracked and fed back to improve model accuracy. When a prediction is validated (an incident occurs as predicted) or invalidated (the predicted event does not occur), the model adjusts its weighting of contributing signals. After 12 months of operation, most prediction categories show measurable accuracy improvement as the model learns your organisation's specific patterns. Accuracy metrics are reported in the WATCH dashboard, providing transparency into model performance and enabling risk managers to calibrate their response intensity to different confidence levels based on demonstrated accuracy history.
Related features
See WATCH in Action
Create an account and explore the platform, or talk to our team about enterprise deployment.