YOUR FIRST STEP IN CYBER SECURITY

CYBERISK CHEK — YOUR FIRST STEP IN CYBER SECURITY | 01 CYBERISK CHEK — YOUR FIRST STEP IN CYBER SECURITY | 02

impacting their creditworthiness. The need to include cyber preparedness in risk management practices has increased significantly. Cyberisk Chek is an effective tool for the financial community to qualify credit risk utlizing our proprietary Cyber Preparedness %age Score.TM

YOUR FIRST CHOICEIN QUALIFYING CYBER CREDIT RISK

The Cyber Preparedness %age Score offers the following advantages;

Credit Quality Evaluation The cyber preparedness score provides a snapshot showing the level of readiness to a cyber event to help assess a company’s creditworthiness. Applications include: Loan Approval Process Credit Rating Evaluation Internal Audit Process

Risk Assessment A score of 75% or better indicates a higher understanding of cyber security protocols while a score under 50% warns that there is increased exposure to cyber risk.

The company size and sensitivity of information & data allows you to gauge the appropriate

percentage preparedness is directly proportional to assumed cyber risk.

Action Plan Provided Every report provides a priority based action plan for client implementation.

Vendor Management The Cyberisk Chek analysis provides a clear picture of the cyber threat preparedness of third party vendors and subcontractors that may have

institution.

Financial Advisors The Cyberisk Chek assessment provides a integral component of the individual/organization

have a dramatic effect to the bottom line of any client. Cyberisk Chek provides piece of mind.

A DUTY OF CARE

There is currently no tool available for underwriters that allows them to make a quick informed decision on insurance acceptability. Cyberisk Chek is an inexpensive snapshot based on all current industry standards producing our proprietary Cyber Preparedness %age Score.TM

THE PREMIER UNDERWRITING TOOL FOR CYBER INSURANCE

The Cyber Preparedness %age Score offers the following advantages;

Risk Acceptability A score of less than 50% could produce a declination while a score of 75% or over may result on the allocation of higher limits and perhaps a discounted premium.

Delegation of Underwriting Authority A score of 75% or better could be authorized by all underwriters while anything under that may require a more senior person to look at the risk.

Increase Dollar Value of Policy Cyberisk Chek preparedness scoring provides the foundation for qualifying cyber risk. If the %age of risk exceeds the existing policy level/protection then the score can be used to secure the appropriate policy level.

Increase Cyber Underwriting Opportunities Cyberisk Chek takes the guess work out of

qualify candidates and entertain expansion or entry, into the cyber sector.

Saves Time The score allows an underwriter to make a quick informed decision without having to read through several pages of cyber questions and answers.

A Picture is Worth a Thousand Words

You can select the appropriate survey by both company size and sensitivity of information & data allowing you to gauge the right assessment at the right time for the right entity.

Action Plan Provided Every report provides a priority based action plan for client implementation. This provides guidance and a baseline for future comparison.

Cost Effective An accurate industry standarized risk assessment can be obtained for a minimal investment and is scalable by business size and data sensitivity.

BROKERS, AGENTS & FINANCIAL ADVISORS

The nature and scope of their duties are governed by the extent to which the client “relies” on the advisor to provide advice. In a situation where the individual or business has a direct risk of cyber attack penetration due to data sensitivity or other factors that may directly affect their ability to earn, it is the duty of the advisor to review options for protection of their assets.

planning.

The Cyberisk Preparedness %age Score provides a foundation of understanding and an action plan for the client, while ensuring that the requirements from a duty of care standpoint are covered.

YOUR FINTECH SOLUTIONYOUR INSURTECH SOLUTION

The cyber preparedness score is to a cyber underwriter what a photo of the risk would be to a property underwriter.

CYBERISK CHEK — YOUR FIRST STEP IN CYBER SECURITY | 04

In the development of the Patent Pending Cyberisk Chek Analysis and Cyber Preparedness %age Scores, globally recognized questions and queries regarding threats associated with cyber breaches were reviewed and collected.

well as pertinent to all world markets and were included in the comprehensive report. All questions were divided into key industry recognized categories such as; fraud detection, directory management, E-Mail protection and so forth and then prioritized by their critical nature in relation to the potential loss.

In developing the weighting scales of each category and the Preparedness Score as a whole, commonly used risk management tools and grading processes

Council (FFIEC) Cybersecurity Assessment Tool), VaR Value at Risk (statistical

on Investment (Conference Board of Canada), Threat and Risk Assessment Working Guide Grading System (SANS Institute 2017), Time-to-Compromise Model for Cyber Risk Reduction Estimation (McQueen, Boyer, Flynn, Beitel),

Questions selected in the overall impression were then listed and prioritized based on relevant concerns post an in-depth review by industry experts.

AWARENESSCyberisk Chek provides awareness presentations and support documentation for insurance representatives, brokers,

when possible, CEU based activities. We work closely with Regional, National and International Associations in each Industry Sector to ensure the latest and most prevalent topics are covered in relation to cyber risk threats.

Our goal is to reinforce the importance of educating the consumer on the importance of cyber threat awareness and most importantly provide a clear understanding of the prioritized action plans for each area of cyber security. The Cyberisk Chek %age Preparedness Scores are integral to the understanding on why to have cyber insurance in place, how to determine the policy or loan range, premium or interest level and how to communicate this message properly to the appropriate decision makers.

WE ARE YOUR FIRST STEP IN CYBER SECURITY

ALGORITHMS & WEIGHTING OF RISK

CYBERISK CHEK — YOUR FIRST STEP IN CYBER SECURITY | 03

THE EMPLOYER SOLUTION

tell you immediately how vulnerable your business is to cyber-attack and the steps necessary to ensure your business’s safety and long-term viability.

1. Reputational harm (79 percent)2. Business interruption (78 percent)3.

General Small Business Cyber Security Statistics: • 60 percent of small companies go out of business within six months of a cyber-attack.• 43 percent of cyber-attacks target small business.• 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.• 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.• 55 percent of respondents say their companies have experienced a cyber-attack in the past 12 months.• 50 percent report they had data breaches involving customer and employee information in the past 12 months.• Post these incidents, these companies spent an average of $879,582 because of damage or theft of IT assets.• In addition, disruption to normal operations cost an average of $955,429. {Small Business Trends 2017 Statistics}

As cyber criminals continue to target businesses, owners and employees need to know how to protect both theirclients and themselves. Cyberisk Chek is your key to awareness and the first step in developing an actionplan to mitigate risk.

Assumed Risk Through Subcontractors & Vendor ManagementEven though you may feel you are covered, what about the companies and individuals accessing your databases and organization – are they following the same security guidelines as you are? They pose an inherent risk to your operations,

working with are not going to be a threat to your organization.

WE GIVE YOU A PIECE OF MIND THE GLOBAL ACCEPTED SOLUTION

CYBERISK CHEK — YOUR FIRST STEP IN CYBER SECURITY | 01

For complete details on Cyberisk Chek please contact info@cyberiskchek.com

HEALTHCAREThe expectation of privacy surrounding medical records and

hackers to target healthcare companies with cyber-attacks. Unfortunately, healthcare networks don’t tend to be as well-

easier to attack, even if less lucrative for hackers. The sheer volume of healthcare data breaches from 2016 supports this claim, with at least one breach having occurred every single day. This resulted in more than 27 million patient records being affected. Cyberisk Chek provides a clear and concise plan to ensure data security and to reduce exposure to threats.

ASSOCIATION ADMINISTRATORSThe potential cost of cyber-attacks is too high for any organization to ignore. Yet many still rely on antiviral software or their IT department to root out attacks. It’s imperative that employees and the end users of association assets be trained to recognize suspicious activity and report it immediately. Understanding the core risk threats and beginning a plan to minimize and eliminate them is where Cyberisk Chek plays an important role. Protection of your systems directly affects the members of your association. Once you have begun, the goal would be to provide a value-added proposition to your members through the Cyberisk Chek analysis, to ensure they are also protecting their assets.

EMERGING RISK; BRING YOUR OWN DEVICE (BYOD) & CHOOSE YOUR OWN DEVICE (CYOD)The Bring Your Own Device (BYOD) experience of the last several years has increased with the advent of accelerated use of remote business operations — replete with incidents of data leakage, unauthorized access to company data, and systems and employees downloading unsafe apps and content — has left IT executives understandably uneasy about the security implications of continuing to let employees use their personal devices for work.

Moving to a Choose Your Own Device (CYOD) regime would mean that management can limit employee access to certain apps and even certain functions. And instead of burdening users with the responsibility to install anti-virus software, administrators would be able to take the lead in highly securing the devices and enforcing policy-based administrative controls and network settings in a more centralized fashion. But, CYOD makes the corporation responsible for buying the devices as well as for providing ongoing security management. So, while a CYOD model may help increase security, the organization winds up paying the full tab and may be stuck with outdated technology in inventory.

In either case it is imperative to fully understand the cyber risks associated with both the device and the environment with which it will be operated.

Cyberisk Chek provides an easy and informative way to set the “ground rules” for both BYOD and CYOD infrastructures.

THE CYBERISK CHEK REPORT

CYBER THREATSLEGALPrivate client data can yield corporate secrets like upcoming mergers and transitions that are not yet public knowledge, as

that stops or prevents their cyber-attack in order to get the

don’t usually have as much protection against cyber-attacks.

Cisco’s annual ranking of industries targeted by hackers—

checklists and subject themselves to audits of their information security apparatus. Reports and surveys in recent years from

various sources (Citigroup, Marsh USA, and even the ABA)

to publicly disclose security breaches.

all reasonable efforts to protect the information they hold. Remaining the weakest link protecting their clients’ data is an unsustainable proposition.

also threatens their ability to retain their clients and has a direct effect on their reputation and credibility.

Recent leaks setting the pace for 2017/2018 are; “Panama Papers – 11 Million documents”, “Cravath Swain & Moore LLP – 03/2016”, “Weil Gotshal & Manges LLP.” and it was recently discovered that Russian cybercriminal “Oleras”

steal confidential information for purposes of insider trading.

General Overview of Risk“Snapshot of Cyber Preparedness”

Provision of; a review of the Overall Risk Impression Value, detailed summary of the Average Total Risk Value and lastly your Cyber Preparedness Percentage Score which determines your ability to withstand

Cyber Security Implementation Program (CSIP).

Detailed “by item” Analysis of RiskThirty-Seven categories of integral risk avoidance topics are reviewed and weighted by associated risk level. The results are color coded for ease of understanding and broken down by level of importance.

Prioritized Action PlanThree Prioritized Action Plans are provided based upon the data collected from the client’s question / answer

Elevated based upon risk of security controls being compromised with the possibility of measurable losses.

Each report is divided into three sections;

1 2 3

CYBERISK CHEK — YOUR FIRST STEP IN CYBER SECURITY | 05

SERVICE SITE:

INFORMATION SITE:

WWW.CYBERISKCHEK.COM

WWW.CYBERISKCHEKINFO.COM