News & Insights

How a cyber security solution can mitigate large organisations’ cyber risks

Published 09 February 2022

Cyber attacks are a major concern around the world and Australia is no exception. Ransomware in particular poses a significant threat to all types and sizes of organisations across all industries. While insurance is an important part of cyber risk management, mitigating cyber risks by having adequate controls in place is critical, and is strongly recommended by the Australian Cyber Security Centre (ACSC). Through our partnerships, Gallagher can help with cyber security services to monitor, manage and mitigate cyber risks.

 


What cyber security methods are needed for large companies?

A best practice framework based on technical cyber expertise from the Australian government has produced 8 essential controls for larger organisations to mitigate cyber security threats, known as the Essential 8. These have been found to mitigate up to 85% of cyber threats.

The ACSC outlines the Essential Eight Cyber Security controls to be as follows:
 


Source of infographic: Huntsman Security


The Essential 8 controls are components of three key areas of cyber security:

  1. Preventing attacks, through application control and hardening, updating applications by patching, and configuring Microsoft Office macros for safety.
  2. Limiting the damage from a cyber attack, through restricting administrative privileges to needs only, applying timely patching to operating systems and using multi-factor authentication for all access.
  3. Recovering data and system availability, through backing up critical data daily to mitigate impacts of a potential cyber attack and enable faster recovery and less cyber-related business interruption.
     

Consider these defence grade cyber security services for your organisation

Gallagher Australia’s partnership with Huntsman Security*, an Australian provider of defence-grade cyber security solutions, provides access to critical cyber risk management products for larger organisations.
Given cyber risks change constantly, are growing in prevalence and in the nature of techniques used by cyber attackers, setting up a systematic cyber governance framework for your organisation should be an essential step in your risk mitigation plans.

“You can’t make cyber security a periodic tick-box exercise. To be effective you need ongoing visibility and understanding of where your systems’ vulnerabilities are and what needs addressing. Our partnership with Huntsman makes this capability accessible to our clients via the Essential 8 Auditor product," says Robyn Adcock, Gallagher Cyber/Technology Practice Leader.


Huntsman Security’s Essential 8 Auditor tool — key information

The Essential 8 Auditor 

  • is an out-of-the-box tool that is quick to install and set up, not requiring external staff or specialists for implementation or use 
  • connects easily to all of your organisation’s data sources and endpoints and within minutes
  • supports you in mitigating up to 85% of targeted cyber-attacks and identifies an easy-to-follow remediation list
  • identifies cyber vulnerabilities and provides benchmarked ratings against the ACSC Essential 8 controls. 
     

The Essential 8 Auditor automatically and accurately reports on the status of your risk management efforts against the Essential 8 controls.  Executives and management value the Essential 8 Auditor as it provides an evidential trail of performance on-demand, with automatically generated and distributed reports that can be exported for remote management and reporting.In addition to delivering an immediate score of your cyber risk  maturity,  the Essential 8 Auditor is a comprehensive  risk management tool for compliance auditing and reporting. It generates point in time reports, or more regular summaries, to identify trends and delivers prioritised alerts.
 

The advantages of having ongoing cyber security monitoring

Unlike other business risks, cyber risk is dynamic – it can change daily so periodic assessments can limit an accurate picture of your current risk exposure.

  • The Essential 8 Auditor can be operated by anyone in the IT team, and is not limited to those with security engineering expertise.
  • The Essential 8 Auditor helps you benchmark your operation’s cyber security against the recognised government Essential 8 framework . Once you have recorded your baseline performance you can build a plan for improving areas of deficiency. The Essential 8 Auditor then measures the effectiveness of your improvements.
  • The data collected by the Essential 8 Auditor can be exported and shared with colleagues and executives and management  for strategic and operational use or inclusion in security audit reports.

“Risk Management and ideally prevention play an important role in supporting cyber insurance cover.  We have formed these partnerships to help our clients have visibility and understanding of their risk, effectively protect themselves and reduce the likelihood of having a cyber claim,” Adcock says.

“Talk to one of our cyber insurance specialists to find out more about accessing these cyber security tools.”
 

Further reading

check

Cyber insurance

Find out morechevron-right
check

Do I need cyber-liability insurance?

Find out morechevron-right
check

Huntsman Security Solutions

Find out morechevron-right
check

Essential Eight explained

Find out morechevron-right
check

Security audit and vendor due diligence in a new normal

Find out morechevron-right
Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective.
Legal penalty highlights businesses’ cyber security obligations
Cyber | Article

Legal penalty highlights businesses’ cyber security obligations

21 June 2022
Adapting your risk management protections to match evolving cyber cover
Cyber | Report

Adapting your risk management protections to match evolving cyber cover

31 May 2022
On-Demand Webinar: What Really Happens When You Negotiate with a Hacker: An Insider’s View
Cyber | Webinar

On-Demand Webinar: What Really Happens When You Negotiate with a Hacker: An Insider’s View

21 April 2022