Quantifying Cyber Risk and Ongoing Monitoring and Responding to Cyber Incidents

Cloud Group has developed a service offering specifically for the insurance industry which includes:

 

This enables clients to more accurately quantify the risk of new clients and enable more informed decisions regarding the declining risk profile of existing clients and the adjustment of insurance premiums accordingly.

CLIENT SITE REVIEW

Cloud Group will physically visit the client’s head office and operating units to review

  • People
  • Website and social media
  • Network
  • Data
  • Theft of funds
  • Internet of things (Manufactured/Distributed by Client)

In particular, Cloud Group would perform:

  • A survey of a sample of employees across the business to assess their cyber risk awareness;
  • A network probe to scan the network and highlight potential problems or risk areas;
  • A review of the company’s information security policies and procedures; and
  • A review of the current firewall logs.

ONGOING MONITORING AND REPORTING

Ongoing monitoring of client’s networks by Cloud Group’s probe tool called “cProbe”.The cProbe functions include:

  • Network assessment and reporting
  • Network(LAN and WiFi) scanning and analysing
  • Suspicious and unknown device detection
  • Intrusion detection with new device notifications
  • Device signature change tracking
  • Network device overview and scan results
  • Wifi network threat assessment

CYBER RISK ENGINE

The information collected from the on-site review would be captured online and stored in the Cyber Risk engine which would use a predetermined risk matrix to indicate the level of risk of each client, from High Risk (do not insure) to Low Risk (acceptable).

Each insurance broker has their own customised page and can review the status of their clients.

INCIDENCE RESPONSE

When a cyber-attack is detected by the monitoring systems or reported by the client, a High Priority Cyber Attack is logged and the following procedures carried out:

  • IT – Isolate the network to contain the breach (Depends on nature of attack) and determine root cause of the event.
  • Legal – Advises the client on legal obligations to report data loss and other requirements that include PAIA, ECT etc.
  • Operations – Review alternative paths to restore data, if applicable, and continue with operations.
  • Public Relations – Send out appropriate statement on all social media sites.
  • IT Risk – Review existing policies and system to minimize the risk of recurrence.