Member Profile: Jon Engleking

Credit to member Howard Cohen for writing this member profile series for the NSITSP blog. Be like Howard and Jon and join the NSITSP today!
Jon Engleking recalls a conversation back in 1990 with his best friend since childhood who predicted, “In 10 years every business will be using credit cards.” His friend intended to start up a company to sell electronic terminals businesses could use to take credit cards, and told Jon he’d need someone to run his operations so he could focus on sales.
Jon tells us his friend was wrong. It only took 5 years!
The company they founded by locating and selling the right terminal grew to over 30 locations and was fabulously successful.
A Few Companies Later
Jon and his partners sold that company, and then launched, operated, and sold a few more companies, culminating in an insurance venture.
Some of his insurance clients began adding cybersecurity insurance. When they started getting hacked, they told Jon their claims were getting denied for some unknown reason.
Immediately researching the problem, Jon encountered a fact that would trigger his “Ah-hah” moment. He learned that over 68% of all cyberinsurance claims were being denied. Realizing that most insurance people had little or no familiarity with technology and few technology people understood insurance, he set about to create a solution.
He quickly determined that few of the companies that had purchased cyberinsurance were currently in compliance with federal and other regulations, including his own company! Studying the various frameworks available to help achieve compliance, Jon built the beginnings of his own framework with which he could assure his clients their claims would be paid and their environments would be fully compliant. “It’s everybody’s role in cybersecurity,” explains Jon, “and companies need to have a really solid risk strategy behind their efforts.”
Cyber Risk Strategies
Jon launched Cyber Risk Strategies (CRS) to bridge the gap between technology service providers, insurance providers, and effective management of risk, ensuring the regulatory compliance customers need to have their cyberinsurance claims paid. Their tagline says it all:
“Empowering Businesses to Navigate Cyber Risk with Confidence”
Describing the CRS holistic approach to fulfilling this promise, Jon explains that most companies focus on the technical vulnerabilities customers face. They don’t make the connection with regulatory requirements and having financial protection in addition to their technology protection.
Jon explains that he focuses on getting customers to understand what the potential costs of their risks are, and on making sure they understand they need to either mitigate those risks by adding more technology, or avoid the cost by protecting it financially with insurance.
An Ideal Partner for MSPs
CRS is frequently called in by MSPs to partner with them in providing the right cyber insurance for their customers. Jon mentions that this has been a “two-way street” in which CRS often recommends clients to specific MSPs based on seeking a good fit.
CRS provides a vital link between an MSP, their customer, their customer’s risks, and the insurance company working to sell them cyberinsurance. CRS performs the comprehensive risk analysis to establish the value of each, along with an audit of the customer’s current state of compliance to determine what, if any, remediation will be required.
Armed with this information, the MSP can confidently proceed to propose and perform the required regulatory compliance remediation and then assist the customer in properly preparing the application for the right levels of cyber insurance. With the insurance properly specified and the environment in full compliance, the customer’s risks are fully mitigated.
“CRS works with the MSP’s tech team,” explains Jon. “We don’t sell technology, we just work with the customer on their policies and procedures, written plans and more making sure they have an effective instant response plan, security incident and event management program, and everything else the regulators want to see in place. With policies and law changing so much so often we must provide constant monitoring of the changes and make sure customers make the corresponding corrections.”
“This is especially important,” adds Jon, “when customers are renewing their insurance because of all the constant policy changes.” He then adds, “When you renew your car insurance would you ever really read your car renewal policy? No. But you can’t apply that to cyber insurance. You need to be diligent.”
“And remember,” he closes, “you must be sure to have every policy examined very carefully by someone who understands them because, as we all know, insurance companies love making things confusing!”
Forecasting the Future
Asked what changes technology and risk mitigation will bring in the future, Jon replies instantly, saying, “With AI and the speed of things I think managing the pace of change is going to be a big challenge. Many companies want to move fast, but if they don’t balance it with understanding the risks, this can lead to increased exposures, burnout, inefficiencies, and more.”
He continues, “One of the biggest challenges is helping leaders figure out which risks are worth spending money on. Whether it’s mitigating risk, transferring it through insurance, or avoiding it altogether, if they don’t take the time to prioritize, they can end up moving forward without realizing they’ve created gaps that could hurt them later.” Learn more about Cyber Risk Strategies at http://cyberriskstrategies.ai.