Rapid Response
Third Rock’s rapid response arms you with the right response to reduce cyber claims cost
The Issue
Almost all cyber claims are treated as
DEFCON 5 situations
The process for most insurance cyber claims uses a one size fits all approach. Driven by fear of being sued for noncompliance, law firms became the leaders in cyber incident project management. The faulty thinking is that businesses view a breach of personal data as their only significant cyber-related concern.
The Facts
Not all cyber claims result in a breach
With new cybersecurity technologies and the vast data that exists between companies, vendors and employees, businesses need to identify operational exposures, not just legal ramifications. It’s time for insurance companies to be empowered to reduce claims costs, improve client experience, analyze trends and improve policy holder’s cybersecurity across people, processes, technology and vendors.
Our experience in multiple industries can help you.
The cyber claims process needs to evolve as cyber evolves.
Insurance companies are the leaders in driving cyber protection and reducing risk for businesses. As cyber crime evolves, insurance companies have the opportunity to transform their claims process.
We know technology, cybersecurity, privacy regulations and insurance.
Since 1995, Third Rock continues to be a thought leader in cybersecurity and compliance. We have in-depth experience in cyber risj and compliance management and automation.
Gain signifcant cost savings, deliver better experience for policy holders and reduce ongoing cyber risks with Third Rock’s Rapid Reponse
See how our solution can evolve your cyber claims process.
Our multi-industry experience can work for you
Excess Line Association of New York (ELANY) vetted us, along with other companies, for months before choosing us as the cybersecurity and professional complaince organization for their members.
We also work with Texas Medical Liability and Trust (TMLT), the largest insurer for physicians in the nation.TMLT compared our CyberCompass® software to over ten competitors and found it the most comprehensive and user-friendly.
See how CyberCompass® automates your work flow in any industry
There’s a better way to deliver rapid response for a variety of cyber incidents and reduce costs:
We have seen first-hand how attorneys using “legal-only” thinking. Clients and insurance companies were impacted by precious time wasted, simple solutions missed and often, an incident turned into a breach.
Third-Party Breach
Industry
Healthcare
Cyber Issue
The client received their 2nd letter from the OCR because HIPAA cybersecurity and compliance plans prepared by a law firm were not adequate to address a data breach. OCR required a new submission in 2 weeks.
Potential fine
$500,000
Potential Damage
Fine, loss of patent clients, reputation
Third Rock’s Rapid Response
Delivered a report in less than 4 days to the client’s attorney correcting previous incorrect statements about data loss by the client. Attorney reviewed and submitted to OCR. OCR dismissed the entire audit.
Internal Breach
Industry
Real Estate
Cyber Issue
An employee stole corporate data and protected personal information.
Potential fine
none
Potential Damage
Major loss of business and clients
Third Rock’s Rapid Response
Confirmed the suspicious behavior, identified the accessed systems and stolen data in 3 days. Worked with IT department and FBI. Person arrested in less than 2 weeks. No data was actually lost and no notifications required.
Full network scans, operating system scans and external penetration testing were performed. The network vulnerability scan identified four unkown devices that were found and removed from the network by the IT department. Two were old systems but the other two were potential stealth devices that were not activated externally.
Identity Theft
Industry
Healthcare
Cyber Issue
Employees used company data to create and sell fake IDs on the dark web
Potential fine
$100,000
Potential Damage
Identity theft of patients’ data and business reputation
Third Rock’s Rapid Response
Analyzed activity logs of suspected user. Documented proof that the employee accessed the EMR system beyond their authorized use, accessed websites to create false identification material and to sell created materials. Analyzed documents, documents lack of uploads and lack of information on the dark web to prove no data was actually stolen, lost or destroyed. No fine was incurred. No notifications were required after review by legal counsel.
Third Rock’s rapid response solution
Our solution starts with using a formal project management approach to utilize the right expertise to:
- Reduce claim costs
- Protect the policyholders’ business
- Provide learnings/ trends about cyber crime
- Educate the policyholder about cyber risks
- Empower the policyholder to manage cyber risks
- Provide guidance to legal firms to drive for higher efficiencies
- Deliver timely tracking and status for cyber crimes
Rapid response project management approach
Step 1:
Triage
Triage Assessment
Assessor interviews client and IT department to determine the who, what, when and possible data lost
Priority 1: Event
Priority 2: Incident
Priority 3: Breach
How to act
Cyber Triage Assessor will provide the client immediate actions to take in order to limit exposure and secure evidence based on assessment results
Guide to next level
Cyber Triage Assessor will scheduel discovery assessment if determined your are at Priority 2 or 3
Step 2:
Discovery
Discovery Assessment
CISSP Forensics team does technical deep dive to determine if a breach occured and the severity if so
1. Scan/analyze system and application logs
2. Create/review data map of sensitive data
3. Conduct technical scans – inventory, network and operating scans
If Priority 2 determined
If certified assessor determines unauthorized activity or abnormal behavior then claims is notified
If Priority 3 determined
If certified assessor determines data loss, then claims, legal counsel and communications firm are notified
Step 3:
Recovery
Comprehensive Report
Develop comprehensive documentation of all findings with executive summary for quick review by all parties
Custom Remediation Plan
Based on the discovery and client’s resources, Third Rock will generate a custom remediation plan
Manage Recovery
This plan will be available in CyberCompass® software to prioritize, manage and collaborate with client and associated parties
Using automation to increase quality and reduce your costs
Only CyberCompass® delivers and maintains cyber claim playbook.
Cyber Compass® is cloud-based software that automates cyber risk management to increase productivity by 70%. With every cyber crime being different, unique expertise is needed. CyberCompass® creates the “go-to” tool for all the findings, reporting and actions. It creates an on-demand portal for the client, legal firm, communication firm and insurance claims departments to see the status.
By it capturing the information for cyber claims as they are assessed and remediation, insurance companies will have access to better insights and data to understand how to better manage cyber risk with their clients going forward. It provides your client with a secure encrypted vault to upload all the documentation.
Want to learn more about CyberCompass®? Visit their website for product information and updates.
Ready to start saving money?
Our tiered proposed fee structure is based on the severity of the cyber incident, not an hourly rate.
$500 – $1,500 per triage call
$7,500 – $20,000 per security/privacy incident that can be remediated without legal assistance
$12,500 – $35,000 per data breach for providing oversight and project management for legal, specialized forensics and notification communication firms