The State of Arkansas (“State”) sought to improve its cyber security posture to protect the sensitive data it holds and to use insurance to mitigate the financial risks of an attack.
Kroll developed a four-stage approach to understand the State’s current security posture and vulnerabilities, with recommended improvements to build resilience. It tapped into its experience with the insurance industry to bring in policy specialists who could advise the State on its options and requirements to be insured. Finally, Kroll’s years of experience in managing thousands of incidents in collaboration with attorneys and insurance providers gave the State the peace of mind that if an incident did occur, response could be fast and seamless, minimizing potential disruption and financial impact.
The State needed a full-service partner that could assess the current cyber security provisions in place and identify vulnerabilities, as well as recommend future investment to meet best practice levels of cyber protection.
The State was also looking for a partner that had experience with insurance providers, to achieve security improvements that would make the State more insurable and, therefore, further protected against the financial impact of a cyberattack, should the worst happen.
Kroll took a four-step approach to tackling the State’s requirements. This included an assessment, investigation and evaluation stage, followed by security guidance, advice around underwriting requirements and support for response to future incidents.
Working with the State, Kroll’s approach included:
The evaluation process also included assessments against cyber security standards such as the NIST Cybersecurity Framework, state/federal regulations and industry best practices.
Kroll brought in the external expertise of Ridge Global, a risk advisory firm, and Risk Cooperative, a Lloyd’s of London Cyber Coverholder and insurance provider, to provide insight on cyber coverage and premium pricing and to prepare the insurance program parameters, in consideration of the security recommendations the State planned to implement.
Risk Cooperative incorporated Kroll’s recommendations into a customized cyber insurance policy framework, which allowed the State to prioritize its assets and ensure it had governance continuity. The policy structure helped the State to reduce the risk of the potential financial burden of a breach. It also ensures that the State is fully prepared to act in the event of an incident and is able to mitigate the financial impact for itself, and in turn, protect the taxpayer dollar.
The State is now better able to mitigate the likelihood of a cyberattack as the security assessment completed by Kroll has provided comprehensive insight into the strengths and weaknesses of its cyber controls and processes.
The State has greater assurance that its data is protected to a high standard, helping to reduce the potential impact of a cyber incident.
The State is now much more able to withstand the impact of a cyberattack, both from a preparedness and financial perspective, thanks to the cyber insurance policy framework, which has enabled it to prioritize its assets and ensure governance continuity.
Kroll’s assessments clearly identified strengths and weaknesses in the State’s cyber security program, strengthening its ability to protect confidential information.