Canadian insurance broker partners with cybersecurity standards compliance manager

A specialty broker providing cyber insurance has found a way to attract business from Canadian small and medium-sized organizations: partnering with a cloud provider that helps firms meet a cybersecurity standard.

The partnership between Ridge Canada Cyber Solutions Inc. and CyberCatch is aimed at lowering the odds of insured firms being hit by a breach of security controls by having them implement this country’s CAN/CIOSC 104 national baseline cybersecurity controls for small and medium organizations.

Canadian firms that sign up for cyber insurance through Ridge Canada get a discount for subscribing to CyberCatch’s Compliance Manager Solution for managing the CAN/CIOSC 104 cyber controls they are expected to implement.

The companies announced the partnership earlier this month.

Ridge Canada Cyber Security is a managing general insurance agency that provides specialty insurance products to Canadian insurance agents and brokers. CyberCatch is a software-as-a-service provider offering solutions to help mid to large-sized companies meet cybersecurity guidelines. U.S. customers have to meet the NIST 800 series of standards, while Canadian firms have to meet CAN/CIOSC 104.

Small and mid-sized organizations (SMOs) have limited resources and generally don’t know what cyber security controls to implement or how to implement them in order to be secure from cyber threats, CyberCatch chief executive officer (CEO) Sai Huda said in a statement. “The Compliance Manager Solution is a one-stop-shop for SMOs.” The platform provides “an easy but smart way to mitigate cyber risk for both the SMO but also the insurer.”

“This partnership allows us to help our broker partners with clients who are still in the assessment and control phases of the enterprise risk management process,” said Ridge Canada CEO Greg Markell. “Recognizing that many underwriting requirements harmonize with CAN/CIOSC 104, it will give many organizations guidance on where they can start, and our broker partners a solution when market feedback is that their client is not ready for cyber risk transfer, as well as for existing clients looking for assistance on staying secure.”

The CAN/CIOSC 104 requirements, published in 2021 by the Canadian CIO Strategy Council, specify a minimum set of cyber security controls for small and medium organizations (defined as firms with fewer than 500 employees). 

The requirements are broken down into two categories:

Level 1 requirements are intended for smaller organizations that are just starting their cyber security journey. Typically they don’t have the resources to invest or outsource IT resources, and their knowledge of cyber security would be considered entry-level;
Level 2 requirements are intended to build from Level 1 requirements as organizations mature and develop their cyber posture. They have a basic understanding of cyber security, general knowledge of the cyber-related risks they face, and are looking to increase their cyber security maturity.

The standard begins with this statement: “Top management of the organization is ultimately responsible for the cyber security program.”

It then outlines a series of steps organizations have to take to comply with requirements. Briefly, these include creating a cybersecurity risk assessment, an incident response plan, and an application patch management plan; enabling and properly configuring security software and hardware for both on-premises and cloud assets; implementing strong user authentication to corporate IT systems; implementing user access control; and properly backing up systems, with encryption where necessary.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
