ICICI Lombard General Insurance is one of India’s leading private sector general insurance companies. The Company provides an array of comprehensive and well-diversified non-life insurance products and risk management solutions to secure customers and their family against unexpected and untoward events. It has a strong, diversified and seamless distribution channel both online and offline to serve the needs of its individual, corporate, MSMEs and government customers.
The insured company is a prominent and well-established paper and board manufacturing company based in India. With a rich history spanning several decades, the company has earned a reputation for excellence in producing high-quality paper and board products.
The insured company operates from two expansive manufacturing facilities characterized by highly automated processes. Given their substantial reliance on operational technology, it became imperative to undertake a Vulnerability Assessment and Penetration Testing (VAPT) initiative. This undertaking aimed to pinpoint vulnerabilities within their technology infrastructure and promptly deploy measures to preclude potential cyber disruptions
In response to these concerns, the insurer instigated a comprehensive VAPT drive designed to unearth vulnerabilities and assess their potential impact if exploited by malicious actors. This activity unfolded in three key stages. Firstly, an initial assessment was conducted to identify existing vulnerabilities. Subsequently, a remediation phase was undertaken to rectify these vulnerabilities. Lastly, a confirmatory scan was performed to validate the effectiveness of the remediation measures on the identified vulnerabilities.
The initial VAPT scan unveiled the presence of 40 vulnerabilities, which collectively posed a staggering Value at Risk of approximately INR 14.40 Crores concerning potential cyberattacks. Swift action was taken to prioritize and remediate these vulnerabilities, ultimately reducing the Value at Risk to approximately INR 4.3 Crores. This marked a remarkable 70% reduction in the overall Value at Risk, effectively fortifying the organization against potential threats.
The insurer recommended the frequency of vulnerability assessment and penetration test activity to be increased to identify all emerging cyber threats. Implementation of Insurer’s remediation suggestions would reduce the probability of occurrence of cyber-attack significantly.
