Thu, May 23, 2019
A commercial insurance underwriter and administration services company with a complex organizational structure was at a crossroads. The company was integrating several acquired businesses with very different cultures when its Chief Information Security Officer (CISO) resigned. At the same time, the company had implemented various budget cuts and an enterprise-wide workforce reduction that included IT staff.
The company faced additional cyber-specific challenges in its service model, where specialty insurance programs were primarily distributed through a network of independent third parties. Security functions were managed and divided among IT, security and multiple third parties. Kroll’s virtual CISO (vCISO) was engaged by the company’s general counsel to help lead executives and technical teams in rethinking and advancing a mature cyber security strategy.
Initial steps taken by Kroll’s vCISO team:
Issues discovered in this phase included:
Technical and strategic actions led by Kroll’s vCISO crossed departments and seniority levels to achieve wider adoption: