Cyber insurance risk assessment for a local government authority
Our cyber consulting team was engaged to carry out an in-depth cyber risk assessment for one of the biggest local government authorities in Australia.
Given the scale and complexity of the client, underwriters required a comprehensive overview of the organisation and its cyber risk exposure in relation to the security of critical data stores and the availability of critical systems and services for local citizens.
The process
Working with the local authority for a period of 3 months, we developed a highly detailed understanding of the client from an information security perspective, with a specific focus on how individual departments/services are governed and how critical systems and services (including critical Operational Technology systems) are maintained and secured.
We began this process with an initial scoping workshop to better understand its operations and IT environment, before engaging with the client on a detailed controls assessment to identify which information security controls are in place and to provide underwriters with supporting narrative around specific gaps and ongoing/future improvements.
The result
Using the information obtained throughout our engagement, we produced a highly detailed cyber risk report which enabled underwriters to better understand the client’s exposure, and provided supporting narrative around specific nuances and control gaps which are traditionally omitted (and therefore often misunderstood) in a traditional underwriting engagement.
This resulted in the client obtaining favourable terms on its cyber insurance policy, becoming one of the first local government authorities in Australia to do so.
Outcomes
- A due diligence process which enabled underwriters to themselves get a better view of the cyber security controls in place at the organisation.
- Visualisations of architecture and infrastructure, and how this connects to revenue, which can be used to stimulate better conversations both within the client and with insurance markets.
- A highly detailed assessment of the controls in place to mitigate cyber risks at the organisation in comparison to the benchmarks currently being set by insurance markets, which covered around 60 control types across 20 different control themes.
- A report which was shared with brokers, underwriters, and the information security team to be used as a single source of truth to help identify the organisation’s requirements for cyber insurance cover.
Relevant case studies
View more projects we have completed for clients.
Contact us
We’re always keen to talk through problems – even if you don’t end up working with us.
Let us know your problem or situation and one of our consultants will get back to you and arrange a call.