When the New York State Department of Financial Services (DFS) mandated that financial services companies take more extensive cyber security measures to help safeguard their clients’ data, W.J. Cox Associates, Inc. was unsure how they’d find the time and expertise among their staff to assess their cyber security risk and implement a comprehensive plan that recognizes and mitigates that risk.
With deadlines looming, W.J. Cox Associates partnered with Novatek to develop a comprehensive Cyber Security Plan and Risk Assessment to meet the new DFS standards set forth in 23 N.Y.C.R.R. Part 500. Not only did W.J. Cox meet the deadlines, they now have peace of mind knowing their systems and their employees are better prepared to prevent and respond to a security breach.
Given the nature of the data stored in their systems, insurance and financial services companies are highly targeted by cyber criminals. Despite the sophisticated systems these companies have in place, the number of cyber attacks continues to rise, prompting the issuance of new DFS regulations. As a small firm with limited internal resources, the team at W.J. Cox knew they needed to update their existing documentation not only to achieve compliance, but to better protect their clients’ information. Calling in the experts made sense.
“We provide insurance — we aren’t IT people. But it was up to us to put the pieces of the plan together. I tried to update the plans myself, but we just don’t have the resources.”
-Susan Kane, Vice President of Underwriting
Working together with W.J. Cox, Novatek developed a comprehensive Cyber Security Plan and Risk Assessment, including:
- A gap analysis to identify holes in compliance
- A cyber security plan that addresses specific DFS requirements
- A risk assessment plan that includes standard operating procedures and a risk assessment form
- An easy-to-follow cyber awareness training program
In addition to the plan and assessment, Novatek created a customized cyber awareness training plan to help W.J. Cox’s employees understand their role in cyber security. According to the Vice President of Underwriting, “Employee training is the most important thing. They must know their role in preventing cyber attacks.” Novatek delivered a detailed, easy-to-use training program that was simple to follow. It included instructor-led material and self-study segments along with assessments. Approval signatures were built right into the program.
“Novatek laid out all the instructions so we could conduct the training ourselves. They even provided the sign-in sheets. It’s a very good program — now we just need to do small tweaks to keep it up to date.”
Armed with a comprehensive, updated cyber security plan, risk assessment, and training program, W.J. Cox met the DFS deadline and stringent compliance requirements. According to Susan, “Outsourcing the documentation of our cyber security plan to Novatek was a great decision. They developed our plan faster than we could have done internally and even delivered it ahead of schedule. It was well worth the money.”