Recent events have proved once again that cyber attacks are a major concern for businesses around the world, and Australia is no exception. Ransomware in particular poses a significant threat to all types and sizes of organisations across all industries. While insurance is an important part of cyber risk management, mitigating cyber risks by having adequate controls in place is critical, and is strongly recommended by the Australian Cyber Security Centre (ACSC). Through our partnerships, Gallagher can help with cyber security services to monitor, manage and mitigate cyber risks.

What cyber security methods are needed for large companies?

A best practice framework based on technical cyber expertise from the Australian government has produced 8 essential controls for larger organisations to mitigate cyber security threats, known as the Essential 8.

The ACSC outlines the Essential Eight Cyber Security controls to be as follows:

8 essential controls for larger organisations to mitigate cyber security threats

Source of infographic: Huntsman Security

The Essential 8 controls are components of three key areas of cyber security:

  1. Preventing attacks, through application control and hardening, updating applications by patching, and configuring Microsoft Office macros for safety.
  2. Limiting the damage from a cyber attack, through restricting administrative privileges to needs only, applying timely patching to operating systems and using multi-factor authentication for all access.
  3. Recovering data and system availability, through backing up critical data regularly to mitigate impacts of a potential cyber attack and enable faster recovery and less cyber-related business interruption.

Consider these defence grade cyber security services for your organisation

Gallagher Australia's partnership with Huntsman Security*, an Australian provider of defence-grade cyber security solutions, provides access to critical cyber risk management products for larger organisations.

Given cyber risks change constantly, are growing in prevalence and in the nature of techniques used by cyber attackers, setting up a systematic cyber governance framework for your organisation should be an essential step in your risk mitigation plans.

"You can't make cyber security a periodic tick-box exercise. To be effective you need ongoing visibility and understanding of where your systems' vulnerabilities are and what needs addressing. Our partnership with Huntsman makes this capability accessible to our clients via the Essential 8 Auditor product," says Robyn Adcock, Gallagher Cyber/Technology Practice Leader.

Huntsman Security's Essential 8 Auditor tool — key information

Huntsman Security’s Essential 8 Auditor tool — key information

The Essential 8 Auditor

  • is an out-of-the-box software application that is quick to install and set up, not requiring external staff or specialists for implementation or use
  • connects easily to all of your organisation's data sources and endpoints and within minutes provides visualisation of your cyber maturity score
  • idenifies vulnerabilites that might put your organisation at risk and provides an easy-to-follow remediation list
  • provides benchmarked ratings against the ACSC Essential 8 controls.

With its comprehensive attack surface management (ASM) capabilities the Essential 8 Auditor automatically verifies your IT assets, measures vulnerabilities and reports any areas of changing cyber risk.

Executives and management value the Essential 8 Auditor as it provides an evidential trail of performance on-demand, with automatically generated and distributed reports that can be exported for remote management and reporting.In addition to delivering an immediate score of your cyber risk maturity, the Essential 8 Auditor is a comprehensive risk management tool for compliance auditing and reporting. It generates point in time reports, or more regular summaries, to identify trends and delivers prioritised alerts.

The advantages of having ongoing cyber security monitoring

Unlike other business risks, cyber risk is dynamic — it can change daily so periodic assessments can limit an accurate picture of your current risk exposure.

  • The Essential 8 Auditor can be operated by anyone in the IT team, and is not limited to those with security engineering expertise.
  • The Essential 8 Auditor helps you benchmark your operation's cyber security against the recognised government Essential 8 framework . Once you have recorded your baseline performance you can build a plan for improving areas of deficiency. The Essential 8 Auditor then measures the effectiveness of your improvements.
  • The data collected by the Essential 8 Auditor can be exported and shared with colleagues and executives and management for strategic and operational use or inclusion in security audit reports.

"Risk Management and ideally prevention play an important role in supporting cyber insurance cover. We have formed these partnerships to help our clients have visibility and understanding of their risk, effectively protect themselves and reduce the likelihood of having a cyber claim," Adcock says.

"Talk to one of our cyber insurance specialists to find out more about accessing these cyber security tools."

Connect with an expert

Disclaimer

Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient's industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers' control.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312