The broader business community has taken on a herculean effort to adjust and respond quickly to the growing cyber threat landscape. One component of a sound cyber risk management program is to qualify for and procure comprehensive cyber insurance coverage. But once you have successfully met the requirements to obtain coverage, you may find yourself asking, what else should my organization be doing to manage this dynamic risk?
Our team of experienced professionals has a deep understanding of the ever-changing cyber threat landscape and can help your organization stay ahead of the curve. We are excited to share a new bundle of Cyber Risk Management Services that are available to our clients! An overview of these services is provided below.
JKJ Cyber Risk Management Services
IRP Review & Tabletop Exercise
Insurance carrier applications often ask whether your organization has a Cyber-specific Incident Response Plan (IRP) in place. JKJ has templates we can provide to help your organization build an IRP; but more importantly, once you build it, you should put it to the test! JKJ will engage a privacy attorney and an IT forensics firm, both pre-approved/on panel with your insurance carrier, to conduct a tabletop exercise of your IRP with various mock cyber incident scenarios. These exercises are best performed with the engagement of your IT, Operations, and Executive leadership teams. Sample incidents may include mock ransomware attacks or business email compromises. The time spent in these preparatory efforts can save hours to days of time spent if and when a true incident occurs. We highly recommend this as one of the most valuable and effective uses of your time spent managing cyber risk.
Ongoing Network Scans
Sick of waiting for the insurance carriers to scan your network and identify vulnerabilities that impact your coverage? JKJ has partnered with CyRisk to deliver a bi-annual network scan in advance of the scans performed by the insurance carriers. Additionally, JKJ and CyRisk will perform monthly scans for the latest ransomware threat vulnerabilities and zero-day exposure detection. Participating clients will receive a report twice a year of their scan results and be notified on a monthly basis if they have a critical vulnerability associated with a known ransomware or zero-day threat. Our goal is to assist our clients in better protecting their network, and positioning ourselves to obtain the strongest terms, pricing and conditions from the insurance markets at renewal.
Anti-Social Engineering Fraud/Payment Processing Security
To this day, social engineering fraud (often perpetrated via a business email compromise) continues to be the most common cyber incident we experience with our clients. JKJ has partnered with Paymerang to deliver a solution for the growing issue of social engineering theft. Paymerang provides a streamlined invoice and payment automation platform that saves Accounts Payable (AP) departments thousands of hours annually, enhances visibility, increases accuracy, improves efficiency, and earns rebates while reducing paper, fraud risks, and operating costs.
Cybersecurity & IT Providers
Already have MFA enforced in the key areas needed to qualify for insurance? What else does your organization need to prepare to maintain strong cyber hygiene and to obtain the most competitive insurance policies? The insurance world continues to place more and more value on services with more comprehensive Endpoint Detection and Response capabilities. This includes Managed Detection and Response and Extended Detection and Response (for more information on the differences, check out this great article by CrowdStrike). Additionally, there are questions about whether your organization relies upon a Security Operations Center (SOC) or has a third party to conduct a vulnerability assessment and periodic penetration testing. JKJ has a multitude of excellent resources and service providers in these areas that we can make available for your consideration as you continue to enhance your cyber risk management strategy. This includes Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs), and more.
Board Cyber Training
Has your Board of Directors asked you about how your organization is managing cyber risk? If they have not, then they should be! JKJ has partnered with a law firm to provide training to the Board of Directors to educate them on the landscape of risks, their impact on the organization, and how they are and can be managed by the organization.
The devil is in the details when it comes to indemnification, liability, insurance and responsibilities assumed or transferred in a contractual agreement. JKJ will provide a non-legal review of your key contracts to provide feedback about the liability posturing of the agreement. We still advise all contracts should be reviewed by an attorney, but we can provide guidance on the language and key areas to consider. This is critically important for any key vendors or clients in your operational supply chain to ensure the proper protection of your organization’s assets.
JKJ will continue to monitor and stay in tune with the dynamic landscape of evolving cyber risk and risk management techniques. We will provide ongoing thought leadership and resources to assist you. If you have questions or if you would like additional information, please complete the form below: