CDCAT®
Insurance Services
Kyngswoode Services Limited
Bringing innovation to the insurance industry
The Cyber Defence Capability Assessment Tool (CDCAT®) is an effective, comprehensive way for
organisations to assess their existing cyber defences, identify any vulnerabilities in those defences
and determine what mitigations can be applied. Considering the frequency of attacks on organisations’
sensitive cyber assets, CDCAT® is an essential tool in combatting the threats posed by any
number of cyber-criminals and criminal organisations.
CDCAT® was developed by the Defence Science and Technology Laboratory (Dstl), a trading fund
of the MOD. Dstl provides impartial scientific and technological advice to the UK Armed Forces and
British Government.
Kyngswoode Services Limited was awarded, by APMG International, the rights to provide
a CDCAT® derived service to the London insurance sector and associated international
organisations.
Kyngswoode Services use the data from CDCAT® assessments to create a view of the insurable
risk an underwriter should consider before accepting the cover. This report allows the underwriter
to consider the cyber risk fully without seeing all the underlying evidence that a client may prefer to
keep confidential due to the sensitive nature of the data.
A military grade cyber
defence assessment
Why was CDCAT® Introduced?
Cyber-criminals continuously evolve and adapt their methods
of bypassing the traditionally rigid cyber-security controls
organisations have in place. For organisations to stay safe they
need to be similarly adaptive – this is where CDCAT® comes in.
While it is highly advantageous for organisations to implement
standards such as ISO/IEC 27001, or employ tools like
penetration testing – these only constitute one part of an effective
cyber security strategy.
CDCAT® is designed so that full sets of best practice controls are
incorporated, 145 controls in total - including ISO/IEC 27001:2013,
the US’ NIST Cyber Security Framework, UK’s 10 steps to Cyber
Security and Cyber Essentials. The result is a truly comprehensive
cyber-security assessment tool, enveloping the standard lifecycle of
assess, deter, protect, detect and respond – mapped against the ITIL
lifecycle of Service Strategy, Service Design, Service Transition and
Service Operation.
What is CDCAT® Insurance Services?
CDCAT® Insurance Services utilises CDCAT® to support insurance
underwriters and brokers using fact-based certified assessments
to confirm their clients’ cyber defence capabilities. This will enable
brokers to seek better premiums and underwritten conditions
for their clients as well as allow underwriters to use fact-based
evidence to assess cyber risks.
The resulting output includes:
■	 Overall rating of cyber risk management capability as measured
	 against agreed risk appetite
■	 Maturity scores from zero to five for each control assessed
■	 Vulnerability status for each control assessed
■	 Red, Amber, Green (RAG) status relative to risk appetite
■	 RAG status relative to best practice
■	 Benchmark rating against an organisation’s own sector / cross-
	 industry sectors, as well as geographic comparisons
■	 Estimated average annual risk cost
What benefits can CDCAT® offer the insurance industry?
Brokers
To give the best service to their clients, brokers need to
understand the risks they are working with. Cyber Security is no
different to any other risk yet the industry continues to cautiously
write specific cyber risk cover and Directors and Officers cover
on little known fact based assessments and without a truly
independent and impartial certification of the cyber defence
capability of their client. CDCAT® Insurance Services will allow
a broker to achieve better underwriting and exclusions for
their clients by demonstrating their clients’ true cyber defence
capability.
Underwriters
Complex and/or commercial risks are always supported by
some type of certification to validate the status of the risk such
as aviation, marine and heavy lifting. Yet the most unknown risk,
which is cyber and data breach, is assessed without any truly
independent, objective and certified status of a moment in time
assessment. CDCAT® can provide a quick review of any client’s
defences, at any time.
Third Party Services
As an organisation’s cyber defence capability is measurable using
CDCAT®, it is easy to reassess capability at any point in time.
Therefore CDCAT® can be used to support Claims Management,
Legal and Cyber Consulting Services who are engaged to provide
remedial services for clients. In each case, a current point in time
assessment could assist the outcome of each service being offered.
CDCAT® benefits:
■	 Unique decision support system which allows a company to
	 proactively tackle its cyber security needs through business
	 risk appetite analysis.
■	 Provides simple steps to improve cyber defence capabilities.
■	 Supports continuous security improvements for organisations
	 and supply chains - as threats, consequences and risk
	 appetites change.
■	 Provides cyber professionals with the tools to build effective
	 business cases for vital updates. Worst case scenario modelling
	 outlines the potential cost to an organisation of not implementing
	 the recommended change and suffering a breach. This is
	 measured against the costs of enacting the change.
■	 Provides organisations with a way to report back to key
	 stakeholders that they are addressing sector based
	 vulnerabilities.
■	 Calculates overall business preparedness scores.
■	 Cost savings can be driven through adopting an efficient risk
	 management approach utilising the recommendations.
Contact: Andrew McQuade
E: Andrew.mcquade@kyngswoode.com
T: +44 (0) 7956 640322
www.apmg-cyber.com/cdcat-insurance
www.kyngswoode.com
CDCAT® is the registered trademark of The Secretary of State for Defence and is subject to Crown Copyright and Crown Database Rights. APMG International is the principal licensee of CDCAT®, appointed to further develop and commercially exploit the tool.
Contact APMG
SOUTH AFRICA OFFICE
Tel:	 +27 21 0033623
Email:	Nigel.Mercer@apmg-international.com
SPAIN OFFICE
Tel:	 +34 911 829 933
Email:	info@apmg-espania.com
UK OFFICE
Tel:	 +44 (0)1494 452450
Email:	servicedesk@apmg-uk.com
ASIA
INDIA OFFICE
Tel:	 +91 (0)80 6583 6280
Email:	info@apmg-india.com
MALAYSIA OFFICE
Tel:	 +6.03.6211 0281
Email:	exams@apmg-malaysia.com
CHINA OFFICE
Tel:	 +86 (0)532 85 78 95 91
Email:	admin@apmg-china.com
AUSTRALASIA
AUSTRALIA OFFICE
Tel:	 +61 (0)2 6249 6008
Email:	admin@apmg-australasia.com
Global Headquarters
UNITED KINGDOM
Tel:	 +44 (0)1494 452450
Email:	servicedesk@apmg-international.com
Web:	 www.apmg-cyber.com, www.apmg-international.com
AMERICAS
Canada OFFICE
Tel:	+1.647.980.5234
Email:	info-Canada@apmg-international.com
US OFFICE
Tel:	+1.781.275.8604
Email:	US-Operations@apmg-international.com
Brazil OFFICE
Tel:	 +55 (11) 3042 4939
Email:	Info-brasil@apmg-international.com
EMEA
BENELUX OFFICE
Tel:	 +31 (0)35 52 31 845
Email:	exams@apmg-benelux.com
GERMANY OFFICE
Tel:	 +49 2133.53.1667
Email:	admin@apmg-deutschland.com
ITALY OFFICE
Tel:	 +39 333 326 6294
Email:	info@apmg-italia.com
Nordics Office
Tel:	 +46 8 587 434 00
Email:	Svante.Lundqvist@apmg-international.com
FOLLOW US ONLINE
@Cyber _APMG
www.linkedin.com/company/apmg-international
blog.apmg-international.com
www.apmg-cyber.com
