The Business: Insurance
The Insurance industry is faced with complicated new challenges in catering to the needs of clients requesting Cyber Insurance. The major concern being the uncertainty inherent in the Cyber World:
Dynamic threat landscape – evolving attackers, attack methods and asset attractiveness
Rapidly evolving security posture – monitoring the state and deployment of resources
Disproportionate impact of potential attacks – business losses far exceeding asset loss
The new challenges of the cyber world requires new cooperative relationships between insurer and insured. The information benefits of a well formulated cyber security management solution encourage, promote and provide information on continuous awareness to both sides. Information that is relevant to customer-specific threats and monitoring of assets risk fluctuation vs agreed upon risk appetite. The current best practice of yearly reviews and questionnaires impairs the adaptation of policies to business needs and may even generate friction due to the subjective nature of this practice.
Our solution: Cytegic Cyber Risk Management Insurance Solution
Cytegic Cybersecurity Management Solution provides end-to-end technology and practices to cater to all the needs of contemporary cyber insurance product viability and tailoring to customer’s needs. Continuous quantified intelligence as to the threat profile of business sectors in the specific locations where the business is conducted provided to both insurer and insured – generates common ground for initial engagement and continuous monitoring. Automated, continuous, non-invasive maturity review of all 50 categories of controls composing the security posture of the insured – objective and updated common understanding of cyber security management employed in the organization. Dynamic and adaptive risk dashboard with pre-defined and agreed thresholds representing risk appetite – integrating threats, defenses and business perspective to generate quantified, objective and actionable cyber risk management solution. Using Cytegic solution is the best way for insured to maintain good operational standards that are acceptable by the insurer for professional cyber-risk management. Following standards guidelines encourages maintaining actuarial good practice. Cytegic technology opens the doors for insurers to manage risks effectively, thus offering attractive policies to generate good business for all parties.
The Business: Banking
Attacks on different organizations have become a part of the daily news reports in the last few years, they are increasing in number and severity. Organizations hearing about such news are concerned about the possible impacts of such attacks on themselves. (Read More…)These concerns lead to inquiries. More often, to long and costly assessment processes, all to assess a specific attack which happened to someone else. Recently, significant time and money have been spent on such efforts. Often leading to incomplete answers. CISOs may not always be able to deal with these challenges since they are constrained by a budgeting process. Solution – An internal continuous monitoring process is best.
The cyber readiness assessment is too long and expensive process, one which the bank’s’ management refused to repeat on a regular basis, leaving the CISO without effective means to measure the effectiveness of the organization’s cyber security posture over time. Cytegic’s greatest challenge was to overcome the skepticism regarding the ability of a system to replace the auditors and deliver accurate results. Attacks on different organizations pose a serious problem to those who wish to assess their vulnerability to attacks: The difference in the threat landscape & the difference between reported attacks and your company. The specific attack vector and internal defensive posture of the reported company and yours. A lengthy process of evaluation which in many cases is also not complete and/or accurate. All too often such a process becomes a full time job at best, while at most organizations, such a job title doesn’t actually exist.
The Cytegic effort involved deploying its Cyber Management Suite and conducting an assessment of the clients environments. A threat analysis revealed that its current Cyber controls were not properly deployed nor configured. The assessment emphasized that the risk was high and the implications of such an attack on the bank could be severe. Using the suggested controls indicated by the CDSS product, a work plan, together with a budget request were submitted to the board of the bank. The plan was approved and all of the product’s suggested remediation indications were finalized 3 months later. Customer Value The CISO has gained immensely from the installation of the system, which allowed him to: Not spend money on an assessment after this specific attack. Allowing for quick responses to inquiries following a cyber crime event. Conducting frequent assessments without having to rely on external auditors and / or additional budget allocations. Producing a specific list of prioritized controls requiring improvement, allowing for smart spending to achieve targeted goal.