27 August 2020

How a cyber security platform can mitigate large organisations’ cyber risks

Australian organisations have been put on notice that they are the target of sustained cyber attacks by hostile attackers. The Australian government is officially warning all businesses to increase their cyber security risk management. Having cyber insurance is part of this, but preventative measures are also critical. Through our partnerships Gallagher can help with cyber security services to monitor, manage and mitigate cyber risks.

What cyber security methods are needed for large companies?

A best practice framework based on technical cyber expertise from the Australian government has produced 8 essential strategies (or controls) for larger organisations to mitigate cyber security threats, known as the Essential 8. These have been found to mitigate up to 85% of cyber threats.

The Australian Cyber Security Centre (ACSC) outlines the Essential Eight Cyber Security controls to be as follows:

02595_Essential_8_Security_Controls_Apr20

Source of infographic: Huntsman

The Essential 8 controls are components of three key areas of cyber security:

      1. Preventing attacks, through application control and hardening, updating applications by patching, and configuring Microsoft Office macros for safety.
      2. Limiting the damage from a cyber attack, through restricting administrative privileges to needs only, applying timely patching to the operating systems and using multi-factor authentication for all access.
      3. Recovering data and system availability, through backing up critical data daily to mitigate impacts of a potential cyber attack and enable faster recovery and less cyber business interruption.

Consider these expert grade cyber security services for your organisation

Gallagher Australia’s partnership with Huntsman Security*, an Australian provider of defence-grade cyber security solutions, provides access to critical cyber risk management services (or products/systems) for larger organisations.

Given cyber risks change constantly, are growing in prevalence and in the nature of techniques used by cyber attackers, setting up a systematic cyber governance framework for your organisation should be an essential step in your risk mitigation plans.

“You can’t make cyber security a periodic tick-box exercise. To be effective you need ongoing visibility and understanding of where your systems’ vulnerabilities are and what needs addressing. Our partnership with Huntsman makes this capability accessible to our clients via the Essential 8 Auditor product.”

Robyn Adcock, Gallagher Cyber/Technology Practice Leader

Huntsman Security’s cyber security Essential 8 Auditor — key information

The Essential 8 Auditor toolHuntsman_Essential8_Auditor_Packaging_transparent

  • can be self-installed with only limited technical skill
  • delivers instant security control auditing that enables you to understand your current risk exposure
  • measures your cyber security against the recommended government framework, the Essential 8 cyber security controls
  • provides a benchmark of your systems’ resilience.

The tool audits your organisation’s security controls and their effectiveness as measured against the Essential 8 and provides a performance score for each control, determining coverage and identifying shortcomings and vulnerabilities. The information appears on a dashboard and can be exported for remote management and reporting.

In addition to delivering an immediate snapshot of your cyber security levels the Essential 8 Auditor is a useful risk management tool for compliance auditing and reporting. It generates point in time reports, or more regular summaries, to identify trends and delivers prioritised alerts.

computer-systems-security-business_office


The advantages of having ongoing cyber security monitoring

  • Unlike other business risks, cyber risk is dynamic – it can change daily so periodic assessments can limit an accurate picture of your current risk exposure.
  • The Essential 8 Auditor can be operated by anyone in the IT team, and is not limited to those with security engineering expertise.
  • The Essential 8 Auditor helps you benchmark your operation’s cyber security against the recognised government Essential 8 Maturity Model. Once you have recorded your baseline performance you can build a plan for improving areas of deficiency. The Essential 8 Auditor then measures the effectiveness of your improvements.
  • The data collected by the Essential 8 Auditor can be exported and shared with colleagues and senior business stakeholders for operational use or inclusion in security audit reports.

“Risk Management and ideally prevention play an important role in supporting cyber insurance cover.  We have formed these partnerships to help our clients have visibility and understanding of their risk, effectively protect themselves and reduce the likelihood of having a cyber claim,” Adcock says.

“Talk to one of our cyber insurance specialists to find out more about accessing these cyber security tools.”


Protect your organisation from cyber threats

Cyber insurance provides back-up for your security measures and means that you are covered for the cost of engaging professionals and associated expenses involved in the restoration and remediation of your systems, as well as reputational damage control, should you become the victim of a cyber attack.

Connect with an expert

 

Further reading

Cyber insurance

Do I need cyber-liability insurance?

 

Additional information

Huntsman Security Solutions

 Essential Eight explained

Security audit and vendor due diligence in a new normal

*If you decide to purchase a Huntsman Cyber Security plan, Gallagher will be paid a referral fee by Huntsman.


Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient’s industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers’ control.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312