Cyber Security Risk Mitigation Program

InfoSight's Cyber Security Risk Mitigation Program (CS‐RMP) is designed to help insurance companies reduce risk, incidents and claim costs and offer immeasurable value in the form of assessment, technology solutions and education to the insured.

Where most IT companies offer a "snapshot in time," InfoSight offers the initial baseline assessment and ongoing monitoring programs to ensure there is a substantial and progressive defense program in place.

Benefits of our cyber security risk mitigation program

  • Increase insurance coverage to an appropriate level to cover the cost of a security breach.
  • Ability to identify costs not covered by cyber insurance.
  • Reduce the number of claims resulting from security breaches.
  • Reduce the risk of disputes in business operations.
  • Assist companies in reducing their cyber security risk rating.
  • Receive monthly security posture reports.
  • Provide an incident response plan which manages next steps during a security breach.
  • Provide justification for enhanced security tools and services.
  • Provide security awareness training for all employees, including the Board of Directors.
  • Access to virtual ISO and compliance officer mentoring.
  • Provide recommendations to increase technical training for employees.
  • Provide access to security awareness courses for employees and third-party providers.
  • Provide recommendations for changes in IT and business policies.

InfoSight's Cyber Security Risk Mitigation Program (CS‐RMP) educates applicants and insureds ("companies") about information security best practices and assists in developing real‐world strategies for defending against cyber security attacks and the costs associated with a data breach.

The program information will assist the insured companies in selecting the right amount of insurance coverage and reduce the probability of a cyber security incident and the associated insurance claim payouts.

Additionally, the program identifies gaps in business processes, technology and the human factor. Information captured in the Cyber Security Risk Mitigation Program can also be used to develop an incident response plan, which would expedite the containment of incidents and further reduce claim costs.

The Cyber Security Risk Mitigation Program consists of a vulnerability assessment and business process review to determine the current state of cyber security resilience.

Vulnerability Assessment

  • Review and test the network environment for vulnerabilities and infections.
  • Review and test network security defenses, and malware and intrusion software / hardware.
  • Analyze security breach response history, if applicable.
  • Review patch management processes.
  • Evaluate malware and cyber threat detection processes on a real-time basis.
  • Analyze backup processes and encryption technologies.
  • Review change control processes and methods of ensuring post change‐control testing.
  • Review processes for employee technical certifications and training.
  • Review disaster recovery and business continuity planning.

Business Process Review

  • Conduct a social engineering phishing assessment to establish a baseline of knowledge for employee security awareness.
  • Review the employee security awareness training program.
  • Review the HR on‐boarding and off‐boarding process.
  • Review business policies including password access rights, internet access, use of portable media storage (USB, DVD) and multi-factor authentication.
  • Review escalation processes for notification of a security breach.
  • Review process for archiving non‐current company information to a secure network or storage resource.
  • Review process for determining vendor requirements of SSAE16 certification.
  • Review all network access methods by BAAs.
  • Review BAA cyber security training.
  • Develop a vendor management program.

We help insurance companies offer immeasurable value to the insured. Contact us to help you increase revenues and reduce the number of claims while ensuring your customers attain and maintain a strong security posture.