Case Study: Cybersecurity Plan, Risk Assessment, and Cyber Awareness Training Helps Insurance Company Meet Compliance Deadline
Amy Castronova
Former CEO | Business Growth Coach & Leadership Facilitator | Helping Women Entrepreneurs in Male-Dominated Industries, create BUSINESS GROWTH and PERSONAL FREEDOM and Unlayer Guilt-Free SUCCESS.
When the New York State Department of Financial Services (DFS) mandated that financial services companies take more extensive cybersecurity measures to help safeguard their clients’ data, W.J. Cox Associates, Inc. was unsure how they’d find the time and expertise among their staff to assess their cybersecurity risk and implement a comprehensive plan that recognizes and mitigates that risk.
With deadlines looming, W. J. Cox Associates partnered with Novatek to develop a comprehensive Cybersecurity Plan and Risk Assessment to meet the new DFS standards set forth as 23 N.Y.C.R.R. Part 500. Not only did W. J. Cox meet the deadlines, they now have peace of mind knowing their systems and their employees are better prepared to prevent and respond to a security breach.
Challenge
Given the nature of the data stored in their systems, insurance and financial services companies are highly targeted by cybercriminals. Despite the sophisticated systems these companies have in place, the number of cyberattacks continues to rise, prompting the issuance of new DFS regulations. As a small firm with limited internal resources, the team at W.J. Cox knew they needed to update their existing documentation not only to achieve compliance, but to better protect their clients’ information. Calling in the experts made sense.
“We provide insurance — we aren’t IT people. But it was up to us to put the pieces of the plan together. I tried to update the plans myself, but we just don’t have the resources.” -Susan Kane, Vice President of Underwriting
Solution
Working together with W. J. Cox, Novatek developed a comprehensive Cybersecurity Plan and Risk Assessment, including:
- A gap analysis to identify holes in compliance
- A cybersecurity plan that addresses specific DFS requirements
- A risk assessment plan that includes standard operating procedures and a risk assessment form
- An easy-to-follow cyber awareness training program
In addition to the plan and assessment, Novatek created a customized cyber awareness training plan to help W.J. Cox’s employees understand their role in cybersecurity.