Testing business continuity plans (BCP) for a leading InsurTech company

The Challenge

Ransomware attacks have increased dramatically in 2021 and pose a new threat. Data is no longer just encrypted for payment in order to generate profit, but is now deliberately leaked on the dark web and to other interested parties to damage reputations, gain political capital and often just to create havoc for those targeted.

EIP is a leading global InsurTech provider that takes the security of its data and that of its customers very seriously. As part of EIP’s focus on continuous improvement, they wanted to test their existing business continuity plans and raise awareness within the company of the potential consequences of emerging threats such as ransomware. In May 2021 they brought their operational and strategic teams together (virtually) for an online exercise to raise further awareness of the threats posed by ransomware, to ‘stress test’ their current processes, and to identify any areas for development. The exercise proved to be a very worthwhile activity and investment in time. Not only did it give their team assurance that they were doing everything they could to prevent and, if they had to, respond to a cyberattack, but it also helped them identify where they needed to bring in new measures to address the new threats being faced.

How We Assisted

Working closely with EIP’s Information Security Officer, Lee Williamson, we designed an immersive exercise, relevant to the operations of the company, that would test its business continuity plan when responding to a credible threat.

Using a mock ransomware scenario and a series of mixed media that replicated both internal and external communications, EIP’s team worked through how they would respond to the scenario presented. At each stage of the 3-hour simulation, the team took time to reflect on the actions they took in response to the different challenges put in front of them, the consequences of those actions and, importantly, what learnings they could take away to make improvements in their relevant departments.

What Was Achieved

As output from the exercise, key learnings were captured and an action plan put in place to further enhance EIP’s business continuity programme.

Bernice Woolley, EIP’s Managing Director, had this to say about the exercise: “Bringing together a remote working international team, getting a time where everyone can dedicate an afternoon in their busy schedules and ensuring complete engagement isn’t easy in any organisation; however, the fact we did reflects the importance everyone in EIP puts on ensuring our data security, and the exercise was incredibly valuable. The threat of a cyberattack is faced by every organisation, large and small, and at EIP we take this threat very seriously.”

If you would like to know more about how EIP undertook the exercise or discuss how EIP’s InsurTech solutions can help your business, please don’t hesitate to contact them.

"The exercise had to be engaging, reflect a real scenario we could face tomorrow and most importantly deliver outputs and learnings we could take action upon. Using Cognitas View360Global platform we connected members of EIP’s operational, strategic and management teams from across Europe to undertake the simulation."
- Lee Williamson, Information Security Officer, EIP