Cyber Security Risk Management

Put the right processes in place to protect your business against cyber attacks

What is Cyber Security Risk Management?

Cyber security risk management is an ongoing process of identifying, evaluating, examining, and addressing your businesses cyber security threats. It’s crucial to have the correct processes in place in order to keep your data unexposed, reduce the likeliness of a cyber-attack, and for you to comply with GDPR and NIS regulations.

How we can help

At John Morgan Partnership we recognise that finding the right insurance is only one piece of the puzzle.

We work with a number of trusted partners who are experts within their field so that you can have access to a comprehensive cyber risk management toolkit.

Get a Free Quote

Answer a few simple questions about your business to get a tailored quote for Cyber Liability Insurance.

Speak to Our Team

Speak to a member of our expert cyber security team and we will be happy to answer any questions you may have.

Another facet of cyber risk management  is testing the measures you already have in place. This is termed ‘penetration testing’ and is considered the best way to see how your security would stand up to real world threats.

Cyber Risk Assessments

We can connect you with people who can help you to fully understand your data, meaning you are able to ensure its security to the highest standard and  also use it more effectively within your business.

Cyber insurers will look at any additional measures you take to protect your business when deciding the terms they can provide, so this sort of action can provide significant savings down the line.

Not every one of these strategies will be right for every business but we can help you to decide which will be most beneficial to your organisation with confidence. These different methods not only give you the tools to accurately assess your risk, but to control it too.

Cyber Breach Example

A recent scam sent out a “Win a Sainsbury gift card” message which encouraged the receiver to share with their family and friends increasing the reach of the scammer. Clicking on the links in these messages you would be asked for personal data and some instances malware could be downloaded.

Cyber Risk Reporting & Analysis

Understanding your vulnerabilities

Every journey begins with a single step and when it comes to cyber risk management the most effective way to begin is to try to understand the risk as something which is tangible and can be measured. Cyber risk reports help you to understand the ways in which you are vulnerable and the potential costs of an incident.

These reports can provide a score akin to a ‘cyber credit check’ which is given context by peer to peer comparisons. The reports use the registration details of a domain and connect this to other domains that have been registered using similar details and checks all of the external Internet facing services that are being run by your organisation are then identified. This would include database and server providers, the email policy, security and configuration information that is available. This is collated and used to determine the cyber vulnerabilities of your organisation and those other organisations within your peer group.

Individual cyber risk reports can identify areas that require your immediate attention and other that may require action in future. Clear guidance on how you can fix weaknesses and vulnerabilities can be provided. Some providers are able to offer ongoing support with the option of re-scanning for threats. There are also companies which can run a system which simulates cyber attacks on your system. This will enable you to see how your interface will react to real life situations.

There are also reporting tools which can monitor ‘chatter’ about your organisation on the dark web which can serve as an early warning system on whether your are on the radar of cyber criminals.

Cyber insurers look favourably upon this sort of proactive approach and some providers even include an element of this sort of insight into their packages so it is an excellent time to speak to us about what is available and what we would recommend.

Get a Free Quote

Answer a few simple questions about your business to get a tailored quote for Cyber Liability Insurance.

Speak to Our Team

Speak to a member of our expert cyber security team and we will be happy to answer any questions you may have.

Certification

cyber security certification

At JMP we can introduce you to our key partners who can guide you through certification for Cyber Essentials.

In order to demonstrate your commitment to cyber safety you may wish to assess how you measure up to different standards across industries. Cyber Essentials is a government backed scheme set up to help businesses to take control of their cyber security. However, so far only 22,000 certificates have been issued. Many businesses are wary of undertaking this task but it is based around self assessment and relatively simple so can be an excellent starting point for your cyber security risk management strategy.

If you would like an internationally recognised certification you can also look into the ISO27001. This is also not an unreachable standard, even for smaller organisations, but may be more suitable if you have a lot of dealings overseas.

There are many organisations that can help you obtain these certifications. These certifications can provide reassurance to your clients that you take cyber threats seriously and can be a trusted partner in their supply chain.

These certifications can also assist you in obtaining insurance. Some providers even offer a discount on your premium if you hold one of these certifications.

Cyber Risk Training

Making your people an asset rather than a liability

Cybersecurity risk management isn’t purely the job of your in house or outsourced security team; everyone in the organization has a part to play.

Your people are your biggest asset but can easily become your biggest liability. Our cyber security insurance customers get access to cyber security training, giving your staff the tools to make the right decisions when dealing with data.

Cyber risk training can be carried out through various user friendly online platforms or in person.

There are exponential opportunities for your organisation to fall victim to cyber crime. Statistics show:

There are certain weaknesses and windows that an attacker might look for, such as:

When we are rushing or busy

Another weakness to which we are all occasionally prone is the temptation to rush when we are busy. Accidental email leaks are even more common than you might think! We all know the moment of panic after pressing ‘reply all ‘ and is a major cause of security breaches. In 2017, 269 billion emails were sent daily and the UK’s Information Commissioner’s Office (ICO) found that emails such as this were behind many breaches.

These traits are not necessarily a bad thing. Some are double edged such as trust of authority and a sense of urgency which is how CEO scams have become so prevalent.

There are now so many ways for cyber criminals to engage with their victims, it is easy to get caught out. It is also human. Cyber criminals are sophisticated and have honed their craft to exploit these weaknesses. People can be both terribly predictable and unpredictable. This is not something you can change, but you can change attitudes, raise awareness and empower your people through an effective cyber training program.