CYBER-ATLAS A COMPLETE CYBER RISK MANAGEMENT SOLUTION

Transcription

1 CYBER-ATLAS A COMPLETE CYBER RISK MANAGEMENT SOLUTION

2 CYBER-ATLAS A COMPLETE CYBER RISK MANAGEMENT SOLUTION In the ever-evolving technological landscape which we all inhabit, our lives are dominated by the internet, the computer and the smartphone. Increasingly our time is spent producing and saving data, uploading content, and sending and receiving traffic. 2 This new digital world has brought obvious benefits but it has also created unavoidable by products: cyber-risks and cyber-crime. Examples of cyber risk could include failure of Computer Hardware, Loss of Data, Business Interruption, Infringement, Breach of Confidence and virus transmission. However, notwithstanding the fact that incidents are reported in the news every day, many board members and managers in all sizes of business still do not really fully understand cyber-risk. They are not therefore in a position to introduce and enforce staff training, implement appropriate internal risk management policies and procedures, or ensure that their external suppliers, business partners and professional advisers also have effective cyber-security. Cyber-crime and other forms of cyber-incident are not just a security risk. They are also potentially very damaging to commercial relationships. In the context of supply chains, business partnerships and relationships cyber-security is rapidly becoming a key differentiator. Customers and partners increasingly want to see clear evidence that cyber-security is taken seriously and that the information assets and computer functionality are properly protected by the businesses that they work with. Nevertheless, recent government statistics indicate that boards in all sizes of company still have not properly addressed cyber risks and that Small and Medium Enterprises (SMEs) have particularly weak cyber-security. Cyber-risk management, according to the same statistics is often a low priority and still perceived by many as complex, expensive and ultimately unnecessary. In reality, however, good cyber-security need not be expensive or complicated. In order to avert business interruptions and protect both their own information assets (and those belonging to third parties on their networks). Business of all sizes must now identify a quick, effective and economical way to implement appropriate technical, organisation, and physical defences; they require a means of demonstrating to actual and potential business partners that they meet a recognised standard of cyber-security.

3 CYBER-ATLAS, THE FIRST COMPREHENSIVE CYBER-SECURITY TOOLKIT FOR UK BUSINESSES, SUITABLE FOR SOLE TRADERS THROUGH TO MULTI-NATIONAL ORGANISATIONS. In order to address these needs Willis, in conjunction with Berrymans Lace Mawer LLP (BLM), Charles Taylor and esecurity Exchange, have developed Cyber-ATLAS, the first comprehensive cyber-security solution for UK businesses. Cyber-ATLAS is suitable for Sole Traders through to multi-national organisations and designed to address cyber-security across an entire organisation, from the shop floor to the board of directors. RESILIENCE RESPONSE 3 A T L A S ASSESSMENT Discover your cybervulnerabilities with an easy to complete online assessment TOOLKIT Access valuable tools and advice to help you avoid and respond effectively to a cyber-attack LEARNING Educate your staff on how to identify manage and address the cyber-risk profile within your organisation ACCREDITATION Receive an Accreditation to demonstrate your business has a recognised standard of cyber-security and reduce the cost of insurance SERVICES Access a full range of additional services to help you avoid cyber-security issues and deal with cyberincidents quickly and effectively Most cyber-security standards and educational materials use technical language which board members, managers and staff in companies find difficult to understand and interpret. The vast majority of marketing materials, legal and technical advice, and academic work have been designed for I.T. staff and professional risk managers in large organisations because these were, until relatively recently, perceived to be the key victims of cyber-risk.

4 CYBER-ATLAS - ASSESSMENT I.T. NETWORKS ARE AT THE HEART OF ALL COMPANIES 4 Computer system failure can result from computer attacks, operational and administrative errors and virus transmission. This can cause serious business interruption, halting day-to-day operations and costing companies a significant amount due to lost revenue. Personal data and/or confidential information can be lost by staff or stolen by hackers and/or industrial spies. This can, without exaggeration, be fatal to a business. Cyber-ATLAS Assessment identifies the areas where the organisation falls below recognised standards of cyber-resilience by identifying the organisation s exposures and weaknesses and the steps it needs to take to address them.

5 CYBER-ATLAS ASSESSMENT IS AN ONLINE ASSESSMENT: The cyber-risks to which an organisation is individually exposed such as denial of service attacks, system malfunctions, data breaches, theft of confidential information and cyber-extortion. The current status of the organisation s technical, organisational and physical cyber-security. 5 The report produced by the online assessment is checked and validated by one of our teams. A GREEN, AMBER or RED result is included, along with specific recommendations for improvement where necessary. Completion of the elearning package will increase the likelihood that your organisation will pass the assessment.

6 CYBER-ATLAS - TOOLKIT & LEARNING 6 At the core of Cyber-ATLAS is a unique elearning course for both staff and management with a Cyber-TOOLKIT of templates, examples, assessments, and techniques. Together these two components provide comprehensive cyber-education, training and practical guidance on all of the technical, legal and organisational aspects of cyber-risk management. CYBER-ATLAS TOOLKIT AND elearning IS: In plain easy to understand English Consultancy-free Consistent with the widest range of industry and government cyber-security standards Narration is provided by an actor s voice, and text accompaniment is provided to assist training of those with a hearing impairment If Cyber-ATLAS assessment establishes that an organisation s technical, physical and organisational security falls below recognised standards, it recommends that the organisation take the Cyber-ATLAS elearning course. THE CYBER-ATLAS elearning COURSE PROVIDES A COMPLETE COURSE OF EDUCATION FOR STAFF AND MANAGEMENT COMPRISING: Physical security Organisational security Technical security measures Ensuring the cyber-security of third party suppliers and for business partners Incident response and business continuity Cyber insurance Toolkit providing: a suppliers letter; information on key legal issues; practical guidance on implementing security measures and key legal and organisational documents you will need (e.g. computer use policy, incident response plan and practical guidance on encryption and remote working)

7 CYBER-ATLAS - ACCREDITATION Accreditation is automatic for any Cyber-ATLAS customer who gets a GREEN result on Cyber-ATLAS assessment or re-assessment. Once the course has been completed the business should complete the assessment again measuring itself against the cyber checklist standard: To receive accreditation in the form of the Safer e-trader Accreditation award the completed assessment will be checked by a Cyber-ATLAS consultant If the assessment shows a reasonable state of cyber-awareness then the business will qualify for: The Safer e-trader Accreditation award Improved rating risk exposure which can lead to reduced insurance premiums 7 CYBER-ATLAS ACCREDITATION PROVIDES AN EDGE FOR YOUR BUSINESS TO EVIDENCE ITS CYBER-RESILIENCE WHEN WINNING BUSINESS, COMMUNICATING WITH CUSTOMERS, MANAGING SUPPLIERS AND SECURING INSURANCE AT ADVANTAGEOUS PRICES.

8 CYBER-ATLAS - SERVICES 8 OPTIONAL PROFESSIONAL SERVICES TO FURTHER ASSIST IN THE MANAGEMENT OF RISK Despite achieving and maintaining an industry or government recognised cyber-security standard it may not be possible to avoid a cyber-incident, particularly if your business becomes a target for attack. In addition, some businesses may need technical and/or legal advice to deal with particular issues. Cyber-ATLAS, as a complete cyber-solution, includes a number of additional on-demand services to cater for these additional needs. 24/7 INCIDENT RESPONSE SERVICE Cyber-incidents are unique thanks to their technological and legal complexity and the exponential rate at which financial loss and reputational damage can grow. They give rise to a combination of interconnected technological, legal, forensic and insurance issues all of which may need to be addressed immediately after an incident has been discovered. Cyber-incidents cannot be managed by lawyers or I.T. professionals alone. Those managing a cyber-incident must have a range of technical, legal, forensic and crisis management skills so that in the case of incidents affecting the integrity of data or a computer network: Affected system can be repaired Evidence of the origins of the incident is identified and preserved Those affected are notified where appropriate Financial loss and damage to reputation is minimised Incidents are reported to the Information Commissioner where appropriate Legal claims both by and against the victim are efficiently handled and in cases arising from multimedia risk: Offending material is removed from a website as quickly as possible Legal consequences of the defamatory statement or intellectual property infringement in terms of expensive litigation can be minimised

9 CYBER-INCIDENTS ARE UNIQUE BECAUSE OF THEIR TECHNOLOGICAL AND LEGAL COMPLEXITY AND THE EXPONENTIAL RATE AT WHICH FINANCIAL LOSS AND REPUTATIONAL DAMAGE CAN GROW. ADDITIONAL TRAINING We have developed a range of c yber related training and awareness material to ensure that staff and contracted resources are fully aware of the threats, risks and vulnerabilities within their organisation. The training is delivered over two days at nominated locations agreed with the customer. The package incorporates structured lessons and advice as well as practical workshops for each module of the course, helping your staff to better understand the content in each subject area. An examination at the end of the course provides assurance that course attendees have fully understood the aims: The ability to classify assets Understanding of the threats in the wild Understanding of vulnerabilities that exist within organisations Understanding of the risks posed within cyberspace Awareness of available controls Understanding of organisational governance, risk management and compliance requirements / regimes Detailed understanding of the cyber standard TECHNICAL CONSULTANCY SERVICES Training services Auditing services Penetration testing Your exposure LEGAL SERVICES Emergency injunctions Injunctions Civil and criminal proceedings E-commerce Intellectual property law Defamation law Data protection and privacy law Law of confidence Contract, tort and insurance law ADVICE ON CYBER INSURANCE Gap analysis of existing insurance cover including policy comparisons Advice on appropriate cyber-insurance 9

10 10 FOR MORE INFORMATION VISIT

11

12 Willis Limited The Willis Building 51 Lime Street London, EC3M 7DQ United Kingdom Tel: +44 (0) Willis Limited, Registered number: England and Wales. Registered address: 51 Lime Street, London, EC3M 7DQ. A Lloyd s Broker. Authorised and regulated by the Financial Conduct Authority /03/14