Put the right processes in place to protect your business against cyber attacks
What is Cyber Security Risk Management?
Cyber security risk management is an ongoing process of identifying, evaluating, examining, and addressing your businesses cyber security threats. It’s crucial to have the correct processes in place in order to keep your data unexposed, reduce the likeliness of a cyber-attack, and for you to comply with GDPR and NIS regulations.
How we can help
At John Morgan Partnership we recognise that finding the right insurance is only one piece of the puzzle.
We work with a number of trusted partners who are experts within their field so that you can have access to a comprehensive cyber risk management toolkit.
Your cyber security risk management toolkit includes high level risk reporting which can be completed on a one off basis or to provide continuing insight.
We can also facilitate a thorough security audit through one of our partners in order fully grasp the risks your organisation faces.
On assessment of your audit, one of our partners can then implement measures and procedures to mitigate your cyber threats.
The right certifications can provide reassurance to your clients that you take cyber threats seriously and can be a trusted partner in their supply chain. At JMP we are proud to be Cyber Essentials certified as we are committed to the highest levels of professionalism as broker.
Another facet of cyber risk management is testing the measures you already have in place. This is termed ‘penetration testing’ and is considered the best way to see how your security would stand up to real world threats.
Cyber Risk Assessments
We can connect you with people who can help you to fully understand your data, meaning you are able to ensure its security to the highest standard and also use it more effectively within your business.
Cyber insurers will look at any additional measures you take to protect your business when deciding the terms they can provide, so this sort of action can provide significant savings down the line.
Not every one of these strategies will be right for every business but we can help you to decide which will be most beneficial to your organisation with confidence. These different methods not only give you the tools to accurately assess your risk, but to control it too.
Cyber Breach Example
A recent scam sent out a “Win a Sainsbury gift card” message which encouraged the receiver to share with their family and friends increasing the reach of the scammer. Clicking on the links in these messages you would be asked for personal data and some instances malware could be downloaded.
“Highly recommend John Phillips. We’ve recently had to claim on our insurance due to the loss of our websites and the whole process has been SO efficient. Every company should have cyber insurance”
Claire Maddox (MD)
Eurolink Connect Ltd
“Thank you John and the Team for sorting out out our insurance once again.
Its good to know that we correctly covered should we need it and also at a good price.”
MPH Vehicle Solutions
“We’ve been using JMP for over 10 Years for all our personal and business insurance. Always competitive and loads of great advice. Excellent service from a great team. Highly Recommended!”
Cotswold Computer Medic
“We have been using JMP Ltd for several years now and have progressively transferred all our insurance needs to them. They are so helpful, knowledgeable & competitive, we wouldn’t go anywhere else!”
Martin & Co
Cyber Risk Reporting & Analysis
Understanding your vulnerabilities
Every journey begins with a single step and when it comes to cyber risk management the most effective way to begin is to try to understand the risk as something which is tangible and can be measured. Cyber risk reports help you to understand the ways in which you are vulnerable and the potential costs of an incident.
These reports can provide a score akin to a ‘cyber credit check’ which is given context by peer to peer comparisons. The reports use the registration details of a domain and connect this to other domains that have been registered using similar details and checks all of the external Internet facing services that are being run by your organisation are then identified. This would include database and server providers, the email policy, security and configuration information that is available. This is collated and used to determine the cyber vulnerabilities of your organisation and those other organisations within your peer group.
Individual cyber risk reports can identify areas that require your immediate attention and other that may require action in future. Clear guidance on how you can fix weaknesses and vulnerabilities can be provided. Some providers are able to offer ongoing support with the option of re-scanning for threats. There are also companies which can run a system which simulates cyber attacks on your system. This will enable you to see how your interface will react to real life situations.
There are also reporting tools which can monitor ‘chatter’ about your organisation on the dark web which can serve as an early warning system on whether your are on the radar of cyber criminals.
Cyber insurers look favourably upon this sort of proactive approach and some providers even include an element of this sort of insight into their packages so it is an excellent time to speak to us about what is available and what we would recommend.
At JMP we can introduce you to our key partners who can guide you through certification for Cyber Essentials.
In order to demonstrate your commitment to cyber safety you may wish to assess how you measure up to different standards across industries. Cyber Essentials is a government backed scheme set up to help businesses to take control of their cyber security. However, so far only 22,000 certificates have been issued. Many businesses are wary of undertaking this task but it is based around self assessment and relatively simple so can be an excellent starting point for your cyber security risk management strategy.
If you would like an internationally recognised certification you can also look into the ISO27001. This is also not an unreachable standard, even for smaller organisations, but may be more suitable if you have a lot of dealings overseas.
There are many organisations that can help you obtain these certifications. These certifications can provide reassurance to your clients that you take cyber threats seriously and can be a trusted partner in their supply chain.
These certifications can also assist you in obtaining insurance. Some providers even offer a discount on your premium if you hold one of these certifications.
Making your people an asset rather than a liability
Cybersecurity risk management isn’t purely the job of your in house or outsourced security team; everyone in the organization has a part to play.
Your people are your biggest asset but can easily become your biggest liability. Our cyber security insurance customers get access to cyber security training, giving your staff the tools to make the right decisions when dealing with data.
Cyber risk training can be carried out through various user friendly online platforms or in person.
There are exponential opportunities for your organisation to fall victim to cyber crime. Statistics show:
These traits are not necessarily a bad thing. Some are double edged such as trust of authority and a sense of urgency which is how CEO scams have become so prevalent.
There are now so many ways for cyber criminals to engage with their victims, it is easy to get caught out. It is also human. Cyber criminals are sophisticated and have honed their craft to exploit these weaknesses. People can be both terribly predictable and unpredictable. This is not something you can change, but you can change attitudes, raise awareness and empower your people through an effective cyber training program.