Incorporating the NIST Framework

To improve critical cybersecurity infrastructure, the National Association of Insurance Commissioners (NAIC) recommends implementing the National Institute of Standards and Technology (NIST) framework to help manage cyber risks.

It is broken down into five steps: Identify, Protect, Detect, Respond, and Monitor, and includes basic practices you can help your clients adopt immediately to protect their data and information.

Figure 1: NIST.gov

Some risk consultants who specialize in cyber risk see the need to take the process further.

The Mid-State Group, www.themidstategroup.com, in Lynchburg, VA, has embraced the NIST framework and combined it with the risk management process to ensure its clients comply with stringent data protection and privacy regulations.


Figure 2: Five-Step ERM Process from Beyond Insurance

“Since the pandemic began, cyber attacks have increased over 600% with 43% targeting vulnerable small businesses. 60% of these small businesses will go out of business within six months of an attack. It's not a matter of if you get attacked but when, and can your business recover? The only proven method to protect, detect, respond, and recover from a cyber incident is to follow an industry best practice such as NIST Cybersecurity Framework,” said John Basten, President and Chief Growth Officer, The Mid-State Group.

When you collaborate with your clients as a cyber risk consultant, combining the risk management process with the NIST framework, you are well positioned to reduce cyber risk, help businesses remain solvent and resilient, and provide them with full coverage that offers robust protection.