A thorough Incident Response Plan allows you to take a hit without impacting your material ability to deliver value.
Context
This client in the education industry experienced two incidents in the recent past, making it a challenge for them to qualify for insurance in the open market. Resilience’s security team recognized the likely cause of these successful attacks was their poor security posture. Our security team knew there was significant work to be done to improve these terms by renewal. The organization was willing to do the work and engage with our team to get them on track for better coverage.
Challenge
After reviewing their security posture, our security team realized one of the biggest challenges facing this organization was their lack of an incident response plan. They would need to implement strategies surrounding crisis communication, containment, and restoration. Having experienced two incidents already, building a step-by-step plan to respond to future incidents would be pivotal in aligning this client’s cyber risk objectives and preventing further data breaches.
Solution
Our security team built an actionable cyber hygiene plan to employ the specific security controls the organization would need to qualify for ransomware terms.
The plan included:
- Monitoring of critical exposures and vulnerabilities
- Remediation tracking of any gaps in the security plan or program
- Cyber risk quantification modeling to structure probabilistic risk scenarios and anticipate the impact
- Monthly meetings with the client’s IT team to ensure the cyber hygiene plan was on track for renewal
- Comprehensive state-of-your-risk report
With these improved security tools in mind, we constructed a thorough incident response plan (IRP) and tested it through tabletop exercises. Soon after the IRP was in place, the client experienced another incident. Using their tailored, step-by-step IRP strategy, they responded efficiently and effectively, minimizing the damage of the attack. The issue was resolved within days, and no claim needed to be filed.
Result
Despite starting with inefficient insurance with zero ransomware coverage, this client improved their risk profile through continuous engagement that resulted in better insurance terms. At renewal, they received $250K in ransomware for the same premium. They also successfully responded to a data breach without interrupting their organization’s ability to deliver value. Come their next renewal, this $250k policy jumped to $5M in ransomware coverage. Through our human-in-the-loop partnership and quantified action plan, this organization restored their reputation as a secure institute and remains resilient against cyber attacks.