Taking an Underwriter’s Security Posture From At-Risk to Resilient

A commercial insurance underwriter and administration services company was undergoing significant business change, which was putting its security posture at risk. The company was also vulnerable due to inconsistently applied cybersecurity measures, fragmented decision-making and an organizational culture in which security was not recognized as a priority.

A virtual chief information security officer (vCISO) service from Kroll enabled the assessment of the current state of the company’s incident response strategy, its security policies and procedures and its overall security culture, helping it to identify and address significant gaps in its approach to security and putting it in a much better position to respond to cyber threats in the future.

  • Insurance
  • Complex organizational structure
  • Inconsistent cybersecurity measures
  • Potential third-party risk

Kroll Services
  • Kroll virtual CISO (vCISO)
  • Enhanced cyber resilience
  • Up-to-date security policy
  • Incident response preparedness

The Challenge

A commercial insurance underwriter and administration services company with a complex organizational structure was at a crossroads. The company was integrating several acquired businesses with very different cultures when its chief information security officer (CISO) resigned. At the same time, the company had implemented a number of budget cuts and an enterprise-wide workforce reduction that included IT staff.

The company faced further cyber-specific challenges due to its service model. As a result of using a network of independent third parties to deliver specialty insurance programs, security issues were not fully visible or manageable. Responsibility for security was divided among IT, security and multiple third parties.

Kroll’s Solution

Kroll’s virtual CISO (vCISO) service was selected by the company’s general counsel to help lead executives and technical teams in advancing a mature cybersecurity strategy. Kroll’s vCISO team undertook some preparatory steps in order to understand the current state of the organization’s strengths and vulnerabilities. This included assessing its cybersecurity posture from multiple perspectives, including technology assets, staff expertise and policies and procedures, as well as examining the company’s culture and willingness to implement change. The process also entailed gaining a baseline view of the company’s security culture, i.e., the various stakeholders’ awareness of and compliance with cybersecurity best practices.

The Kroll team uncovered a range of issues, including inconsistently applied cybersecurity measures across the whole company and conflicting decision-making in several leadership teams around key cybersecurity issues. Additionally, the company was affected by a prevailing belief that it was not at risk of being targeted by cybercriminals, and by its resistance to key cybersecurity measures, such as two-factor authentication. The company was also vulnerable because some of the industries it worked with were more likely than most organizations to be targets of cyber-activism.

Kroll’s vCISO worked across all levels and departments of the company to:

  • Move the CISO position and cybersecurity function under the general counsel to reflect the role of risk management and balance business operations
  • Reform a security committee with representatives across the enterprise to support better decision-making
  • Share insights gained through Kroll’s global fieldwork to underscore why and how the organization was at real risk of cyberattacks
  • Demonstrate how to translate best practices into effective policies and procedures and update information security documentation
  • Lead an incident response tabletop exercise with the security committee and the technical IT and security teams, with the simulations producing significant insights into the complexity involved in the response
  • Outline a strategy to move forward, prioritizing threat detection and response
  • Address security issues related to potentially controversial policyholders
  • Put in place a third-party cyber risk management plan to gauge and mitigate risks posed by vendors and comply with regulations, rank parties’ risk levels based on best practice criteria, and set up initial questionnaires and ongoing monitoring

The Impact

Streamlined Risk and Operational Management

With the strategic insight required to move the company’s CISO position and cybersecurity function under the general counsel, the company’s risk management role and business operations are now more closely aligned, strengthening its security.

Enhanced Threat Insight

The vCISO harnessed the breadth and depth of Kroll’s in-the-field experience to highlight specific types of threats that posed a significant risk to the company, encouraging the leadership team to recognize the potential issues and take appropriate action.

Incident Response Guidance

By leading a practical incident response tabletop exercise with key leadership teams, the Kroll vCISO ensured that the company understood the potential impact of its current, ineffective response to threats. This helped drive a change in focus and stance, enabling the vCISO to support the company in creating a strategy and prioritizing threat detection and response.

Independent Advice

Having the support of Kroll’s vCISO provides the organization’s leadership team with a valuable independent and highly qualified security specialist, ensuring that no key issues or actions are overlooked in the course of day-to-day operations.

Robust Security Policies and Procedures

Through the support of the Kroll vCISO, the company now has up-to-date and comprehensive information security policies based around industry best practices, ensuring that it fully addresses its cyber risks and is ready to respond effectively in a quickly evolving threat landscape.

Virtual CISO (vCISO) Advisory Services

Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.
