CyberCecurity offers a broad range of trusted cyber security consulting and advisory services which are designed to help our clients align their IT and security operations with the NIST Cyber Security Framework. Our services include:
The Target data breach and resultant fallout should have been a wake-up call to the C-Suite. The time has come to make cyber security a key component of business strategy. The idea that you, as company leader, can relegate this critical issue to the IT department is false... and very dangerous.
But in an environment where business leaders are not prepared to discuss core IT issues, what is the likelihood that they are prepared to discuss cyber security issues? And what is the likelihood that they are prepared to actually manage cyber security operations and decisions?
Here are some critical questions related to this matter. Like a test for alcoholism, if you answer "no" for any of them, you (as company leader) may not be doing your job and may have serious culpability and liability if your organization suffers a breach.
We all know that "the devil is in the details" and success with cyber security depends to a great degree on your ability to ask the right questions.
Remember what Albert Einstein said, "All of life's answers are available if we just know which questions to ask."
Our advice: Ask better questions. You'll get better answers.
Whether you are a small business or an international billion-dollar publicly traded company, Ray Hutchins and CyberCecurity are uniquely positioned to help you understand and manage cyber security policy and management decisions. Call him today for more information.
For various reasons, boards of directors are even more removed and disassociated with cyber security policy making than top-level management. But that does not diminish board responsibility or liability. The primary focus of the recent annual convention of the National Association of Corporate Directors (NACD) was cyber security. Board members with a grasp of cyber security issues and the knowledge to ask the right questions can bring great value to the companies they serve. Having a coach like Ray Hutchins in your corner will be a cost-effective way for you to make the contribution you are being paid to make.
Company business and IT leadership face a bewildering and constantly changing cyber security landscape. Correctly assessing your organization's vulnerabilities is a critical and necessary task—something which cannot be left only to internal resources. And once the initial assessment is complete, third party assistance is strongly advised as part of on-going mitigation efforts. This includes any necessary vendor assessment and management processes.
Buying cyber security products is not only expensive, it is also terribly complex and fraught with opportunity for failure. Did you know that (depending on how you define them) there are between 60-80 different cyber security product CATEGORIES? If you buy the wrong product, you may find your network incorrectly protected and your company committed to an expensive, long-term relationship with a vendor that does not meet your security needs.
Let CyberCecurity help you with your cyber security vendor assessment process. More information HERE.
It is probably safe to say that our political leadership... whether it is at the national, state or local levels... is not capable of having effective, informed debates about the many cyber security threats facing our nation and communities. Currently, there are some fifty cyber security bills under consideration in the U.S. Congress alone. How much legislation is either under consideration or will be in our state and local governments? Cyber security poses critical issues that legislators cannot just shrug off and trust to various special interests. Ray Hutchins can serve in an important advisory capacity to legislators and their support staff.
Cyber insurance may sound like a solution to your problems, but if it is not applied and deployed correctly, it could be a huge waste of money and provide NO COVERAGE at the very moment you need it the most. We don't sell cyber insurance, but we can make sure you get the right policy and help you document your cyber security activities in a way that ensures that your insurance company will honor its contract with you.
Interest in cyber insurance has blossomed over the last six months after a series of high-profile hacks, including the recent one involving the U.S. Office
of Personnel Management.
In response, many businesses are trying to protect themselves by purchasing cyber insurance. But it's not easy to acquire a cyber insurance policy that
manages your risk and will actually pay your claims.
Cyber insurance coverage could help offset the financial burdens of a cyber attack, possibly covering everything from notifying customers, forensic
investigations, and legal expenses.
Big companies are rapidly increasing their coverage limits. Last year, financial institutions raised by nearly 20 percent the total limits of their cyber
coverage with Marsh, a global insurance broker and unit of Marsh and McLennan Cos, to an average of $23.5 million. Premiums for a $10 million policy at financial
institutions with under $1 billion in revenue can run between $150,000 to $175,000 per year, according to Marsh. The same story is rolling out for smaller
companies.
Here are some quick tips on finding the best policy for your company. For more information, contact Ray Hutchins at 303-997-5506.
REDUCE RISKS AND EXPOSURE
Efforts to limit potential risks could lower premiums. Put in place cyber security policies...and then enforce them. Security awareness training for your
staff is important and try to find a carrier that will help you complete a thorough and honest assessment of your company's vulnerabilities, in order to
avoid purchasing a policy that is full of holes.
ENCRYPTION
Insurers may reward efforts, such as the encryption of employees' mobile devices, with discounts by offering lowering deductibles and premiums.
CHECK FOR COVERAGE GAPS
Some firms believe their coverage is complete after adding cyber riders to
general business insurance. But there are usually big gaps that can cost you
later. For example, outdated language in insurance documents may not mention
coverage for phishing attacks.
NEGOTIATE SUB-LIMITS
A $1 million policy may offer only $250,000 in coverage sub-limits for each of
four potential claims categories, including legal expenses and hiring a forensic
company to analyze damage. But insurers can increase those sub-limits without
changing the overall limit.
DETAILS
Read the fine print! A policy may exclude coverage for regulatory expenses,
which may surprise firms. Insurers are already starting to cut back on coverage
as claims increase and regulators focus more on cyber security issues. That
could leave you without critical coverage when you need it the most.