Work with Supply Chain Primes and Cyber Insurers results in Risk Scoring for 2020

In 2019 we worked closely with Supply Chain “Primes” and with Cyber Insurance Underwriters and Brokers to produce a Risk Scoring solution that met their requirements.

Amongst other things, it had to be low cost, simple to use and interpret, non-intrusive on the organisation being monitored and risk scored, and accurate in its score.

Support overheads should also be low.

This was a major development project for us and we are looking forward to a very exciting 2020 as we roll out to many supply chain primes, enterprises and SMBs.

Clearly, many of the SMBs that we set out to protect are part of supply chains and are also insured by SMB-focused underwriters and brokers.

The focus remains on securing against the 5 Controls of the Cyber Essentials standard; however, as always, this also means that we cover most of the important elements of other standards like C.A.F. and N.I.S.T.

We can expect to see more and more cyber insurers put references to Cyber Essentials in their application forms (already the case) and we can expect more and more supply chain primes insisting that their suppliers are cyber secure to the Cyber Essentials standard as possible.


Cyber Insurers jostle for pole position in exploding market

Reduced risk equals reduced premiums or other incentives.

Reduced risk requires continuous visibility and monitoring and assessment.

The Black Box vehicle insurance model provides a framework for understanding how information transmitted to a “data centre” about the way a young person drives a car will result in that person receiving a reduced premium or other incentives ... or not.

If business owners run their businesses in a way that ensures practical protection against the most common cyber attacks then they will equally be rewarded.

This model already exists in a simple way. Right now if you go to certain Cyber Insurance companies and you have the Cyber Essentials certification you will get incentives for this.

However, Cyber Essentials is like your MOT: it is an annual event and a lot can happen within the year. Your systems can be altered so that “holes” appear, for example.

It is likely that Cyber Essentials will recommend, and Cyber Insurers will insist upon, continuous monitoring against the Cyber Essentials (or equivalent in other countries) standard.

Exactly like the vehicle black box requirements.

Exactly how this “Black Box for Businesses” that we have will be utilised and what incentives will be provided has yet to be determined.

For certain, many cyber insurers want to provide the best solution at the best price. They want to either remain or become the premier provider of cyber insurance globally.

If you speak to cyber insurance brokers about who is the best underwriter in the space at the moment, it comes down to the client’s specific requirements, the wording in the cyber insurance terms and conditions, and the coverage of certain risks.

Download Report on Cyber Insurance market here >> https://www.alliedmarketresearch.com/cyber-insurance-market

If you would like an online demonstration of the LuJam Cyber solution please contact chris@lujam.com or call +44 (0)117 373 6186 and ask for Chris ref. online demo.

Being Cyber Secure is important but so is….

being in Control of your business….

and being in control means that you have the right business information at your fingertips, displayed in a simple and meaningful way…

That might mean that it is integrated into your Business Information applications. Part of an overall Business Information dashboard.

To get the information you need to ..

Detect ..

the presence of all devices that are using your networks. Not just PCs, laptops, iPads and mobiles but ALL IoT devices … alarms, CCTV, voice-activated devices, manufacturing controls etc.

Company-issued devices and Bring Your Own Device (BYOD) ... those network-using devices that staff and visitors bring into your business premises.

It is nearly always a surprise to our clients how many devices are actually in use in their premises.

When you have detected them you have VISIBILITY of the hardware aspect and then you need to

Monitor ..

Who and what are these devices talking to, and where, when and why?

On your premises or off your premises?

What is the typical pattern of communications?

(A useful facility built into LuJam is that of monitoring your Internet connection: when is it up or down?)

We establish “normal behaviour” and we are increasingly able to detect and highlight abnormal behaviour (e.g. the salesperson that hates using the CRM application but is suddenly on it for 48 hours straight ... is he leaving?)

We also find that people are using applications and visiting websites that they shouldn’t be. (Bad websites are simply blacklisted and blocked, but can be whitelisted.)

Now you have VISIBILITY of how devices and applications are being used on your network and a

Digital Asset Register..

and you have an understanding of communications and applications usage patterns

NOW you are really getting in control !!

Now COMPLIANCE with the policies and directives that you issued as a Director of the Business with Fiduciary Duties, in an effort to comply with e.g. GDPR regulations, can be verified.

(N.B. Typically a company’s board has to think about many aspects with regard to cybersecurity:

Regulation: Are regulatory requirements being met?

Fiduciary duty: Is the company acting appropriately with regard to cybersecurity for our stakeholders (customers and shareholders)?

Company liability: How does a failure to perform effectively in cybersecurity affect overall business performance?

Personal liability: If I am the CISO and we underperform in cybersecurity, might that affect my position?)

Now your Cyber Insurer can assess the

RISK

in your business.

Your Cyber Security responsible person or company can easily help you get certified to Government standards (Cyber Essentials, CE Plus, ISO 27001), but this will not just be an annual assessment; it is 365, 24-7 compliance with those standards.

With a

Risk Assessment and Cyber Essentials certification your Cyber Insurer will balance Risk against Premium and be inclined to reward you for your efforts.

So you are cyber secure, you are in control, you are compliant, your policies are actually being adhered to, you saved the business money on cyber insurance and GDPR risks, and we like to say ...

Peace of Mind has arrived.

N.B. We develop LuJam Cyber guided by GCHQ, NCSC, IASME and our partners and clients. If there is something you would like to see us doing please let us know.
