Context
This local government client using AWS services came to Resilience looking for cyber insurance coverage to supplement their investment in cybersecurity. The client had strong controls and obtained comprehensive coverage but still needed Resilience’s Risk Expert's support to maximize their investment in cyber risk management.
Challenge
Six months after their initial onboarding, the client realized they had experienced two potential data security incidents within the same month. A ransomware attack against one of their third-party vendors and an erroneous loss of employee data. In both cases, the client needed to evaluate whether customer and employee private data were accessed and whether they had any data breach notification obligations as a result.
ACTION PLAN
Vendor Risk Management Guide to assess and respond to third-party risk
Crisis Communications Guide to help them avoid common crisis communication mistakes
Incident Response Plan with Tabletop Exercise, including AWS regional outage simulation
Monthly meetings with the client’s IT team to ensure the cyber hygiene plan was on track
Solution
The Resilience Claims & Incident Management team immediately contacted the client and their broker to introduce them to panel-approved privacy law firms that specialize in assisting clients throughout the lifecycle of a privacy matter. We guided them through responding to the incidents and continued to work with them to strengthen their risk posture and build resilience against future incidents.
Results
Resilience helped this client respond immediately to both incidents, mitigate potential losses, and minimize incident response costs. This is a direct result of incident response planning, vendor risk management, and crisis communication instruction and guidance provided by our expert teams.