Case Study

Cyber insurance risk assessment for a local government authority

When:
2023
Where:
Australia
Services involved:
Cyber

Our cyber consulting team was engaged to carry out an in-depth cyber risk assessment for one of the biggest local government authorities in Australia.

Given the scale and complexity of the client, underwriters required a comprehensive overview of the organisation and its cyber risk exposure in relation to the security of critical data stores and the availability of critical systems and services for local citizens.

The process

Working with the local authority for a period of 3 months, we developed a highly detailed understanding of the client from an information security perspective, with a specific focus on how individual departments/services are governed and how critical systems and services (including critical Operational Technology systems) are maintained and secured.

We began this process with an initial scoping workshop to better understand its operations and IT environment, before engaging with the client on a detailed controls assessment to identify which information security controls are in place and to provide underwriters with supporting narrative around specific gaps and ongoing/future improvements.

The result

Using the information obtained throughout our engagement, we produced a highly detailed cyber risk report which enabled underwriters to better understand the client’s exposure, and provided supporting narrative around specific nuances and control gaps which are traditionally omitted (and therefore often misunderstood) in a traditional underwriting engagement.

This resulted in the client obtaining favourable terms on its cyber insurance policy, becoming one of the first local government authorities in Australia to do so.

Project leads
Nick Robinson
Consultant, Crisis & Security Strategy
View profile

Outcomes

  • A due diligence process which enabled underwriters to themselves get a better view of the cyber security controls in place at the organisation.
  • Visualisations of architecture and infrastructure, and how this connects to revenue, which can be used to stimulate better conversations both within the client and with insurance markets.
  • A highly detailed assessment of the controls in place to mitigate cyber risks at the organisation in comparison to the benchmarks currently being set by insurance markets, which covered around 60 control types across 20 different control themes.
  • A report which was shared with brokers, underwriters, and the information security team to be used as a single source of truth to help identify the organisation’s requirements for cyber insurance cover.

Relevant case studies

View more projects we have completed for clients.

2024
Cyber risk assessment and insurance demystification for a major airline
Philippines
Cyber
2023
In-depth cyber insurance risk assessment for a major US holding company
US
Cyber
View all

Contact us

We’re always keen to talk through problems – even if you don’t end up working with us.

Let us know your problem or situation and one of our consultants will get back to you and arrange a call.

Step one
You let us know what you or your team requires help with.
Step two
One of our consultants will arrange a meeting to find out more.
Step three
We outline how we can help you in a proposal.
Step four
If accepted, we begin providing you or your team with our solution.