The supply chain cyber risk finder partner diagnosis services
Sustainable growth in cyber security compliance. Leveraging governance frameworks to report anomalies and risks.
Meeting your compliance scores and ensure your standard operating procedures are functioning appropriately. The details preferably coloration ID to escalate to your supply chain which of the compliance measures and security measures failed and the escalation of details to these coloration ID to have the standard operating procedures in place to ensure escalated risks that matured are mitigated by secondary controls and communicate preferably including the details of the case Where compliance levels did not reach the set standards within the supply chain. Not just report the noncompliance on a standard and not mention which occurrence and which compliance procedures where not scored to the baseline your set to be measured.
Having the lights being turned on in the Cloud App Catalog and the General, Security, Compliance and legal standards starting to report with the case and incident reporting to the Cloud App Catalog which General, Security, Compliance and Legal Standard was effectively below the required baseline scores. Allowing the data to becomes a data driven reporting of standards for the Cloud App Catalog and the available applications. Sustainable and resilience being built in the interdependencies of our supply chains and reporting to mitigate risks and reduce occurrence and existence due to the escalation procedures and reporting of case related details to each area in general security compliance and legal levels of completed baseline procedures in place.
Supporting Cyber Attack Countermeasures for the Entire Supply Chain Launch of “Cyber Risk Finder Partner Diagnosis Service”
Mitsui Sumitomo Insurance Co., Ltd. (President: Shinichiro Funabiki), Aioi Nissay Dowa Insurance Co., Ltd. (President: Keisuke Niino), and MS&AD InterRisk Research & Consulting, Inc. (President: Masashi Ippongi) have developed the “MS&AD Cyber Risk Finder Partner Diagnosis Service,” which can comprehensively diagnose cyber risks lurking in the affiliated companies and business partners of large corporations. Through the provision of this service, the three companies aim to strengthen corporate countermeasures against increasingly dangerous supply chain attacks and transform the value provided as a risk solution platform.
1. Background As cyber attacks targeting companies and organizations become a social issue, there have been successive damages caused by attacks targeting small and medium-sized enterprises (SMEs) that are affiliated with or business partners of large corporations, which are considered to have weak countermeasures. The Ministry of Economy, Trade and Industry and the Information-technology Promotion Agency (IPA) revised the Cybersecurity Management Guidelines in March 2023, calling for measures across the entire supply chain. However, managing cyber risks across the entire supply chain, which includes many affiliated companies and business partners, is time-consuming and difficult to objectively grasp. In this context, the three companies have developed a service for large corporations that can diagnose cyber risks of affiliated companies and business partners in bulk, grasp trends across the entire supply chain, continuously monitor, and notify of vulnerabilities in emergencies by applying the technology of the cyber risk diagnosis service provided to SMEs.
2. Service Overview (1) Features
By utilizing Attack Surface Management (ASM), jointly developed with the U.S. cyber insurance company Coalition, known as a private partner of the National Institute of Standards and Technology (NIST), the service can diagnose and visualize cyber risks of dozens to hundreds of affiliated companies and business partners of large corporations in bulk.
The service diagnoses target companies on a monthly or quarterly basis and provides diagnostic results, including overall trend values and past transitions.
By detecting and notifying of system defects that lead to “zero-day attacks,” which are considered difficult to counter, the service enables timely and appropriate grasp of highly urgent system defects.
(2) Service Start Date, etc.
Mitsui Sumitomo Insurance: From March 18, 2024
Aioi Nissay Dowa Insurance: From May 2, 2024 (today)
Target Customers Mainly large corporations (companies aiming to strengthen cybersecurity measures for affiliated companies, overseas local subsidiaries, contractors, and business partners). The service is available regardless of the presence or absence of an insurance contract.
Cost Individually estimated based on the following elements:
Diagnostic frequency
Number of diagnostic companies (number of diagnostic domains)
Diagnostic method (detailed diagnosis, simple diagnosis)
Application Method Please contact us through the official website below: [MS&AD Cyber Risk Finder Partner Diagnosis Service]
3. Future Developments The three companies will contribute to improving cybersecurity across the entire supply chain and provide appropriate solutions for risks that companies should prioritize by combining this service with services for SMEs. Furthermore, the service is planned to be used to check the security status of insurance agents who are partners of Mitsui Sumitomo Insurance and Aioi Nissay Dowa Insurance.
Reference
Image of supply chain attacks and this service
Summary of cyber risk diagnosis results
Diagnostic results for each affiliated company and business partner