The Challenge
The State needed a full-service partner that could assess the current cyber security provisions in place and identify vulnerabilities, as well as recommend future investment to meet best practice levels of cyber protection.
The State was also looking for a partner that had experience with insurance providers, to achieve security improvements that would make the State more insurable and, therefore, further protected against the financial impact of a cyberattack, should the worst happen.
Kroll's Solution
Kroll took a four-step approach to tackling the State’s requirements. This included an assessment, investigation and evaluation stage, followed by security guidance, advice around underwriting requirements and support for response to future incidents.

Working with the State, Kroll’s approach included:
- A review of the State’s enterprise information security policies and procedures
- A review of security questionnaire responses across all executive State agencies
- Comprehensive onsite assessments of 20 State agencies
- In-person and phone interviews with key stakeholders across State agencies
- Analysis of firewall and network device configurations
- Simulated attacks against network, system and physical security controls
- Social engineering exercises
- Threat monitoring across agency servers and workstations, all against specific threats such as intellectual property theft, advanced persistent threats, denial of service, ransomware and many others.
The evaluation process also included assessments against cyber security standards such as the NIST Cybersecurity Framework, state/federal regulations and industry best practices.
Kroll brought in the external expertise of Ridge Global, a risk advisory firm, and Risk Cooperative, a Lloyd’s of London Cyber Coverholder and insurance provider, to provide insight on cyber coverage and premium pricing and to prepare the insurance program parameters, in consideration of the security recommendations the State planned to implement.
Risk Cooperative incorporated Kroll’s recommendations into a customized cyber insurance policy framework which allowed the State to prioritize its assets and ensure it had governance continuity. The policy structure helped the State to reduce the risk of the potential financial burden of a breach. It also ensures that the State is fully prepared to act in the event of an incident and is able to mitigate the financial impact for itself, and in turn, protect the taxpayer dollar.
The Impact
A Bolstered Security Posture
The State is now better able to mitigate the likelihood of a cyberattack as the security assessment completed by Kroll has provided comprehensive insight into the strengths and weaknesses of its cyber controls and processes.
Better Protected Data
The State has greater assurance that its data is protected to a high standard, helping to reduce the potential impact of a cyber incident.
Improved Resilience
The State is now much more able to withstand the impact of a cyberattack, both from a preparedness and financial perspective, thanks to the cyber insurance policy framework which has enabled it to prioritize its assets and ensure governance continuity.
Critical Security Insight
Kroll’s assessments clearly identified strengths and weaknesses in the State’s cyber security program, strengthening its ability to protect confidential information.