Navigating Cyber Risk Across Shared Systems and Responsibilities
Navigating Cyber Risk Across Shared Systems and Responsibilities
Sector :
Investments and Insurance
The Challenge
A company seeking to strengthen its cyber resilience recognized that its risk profile was uniquely complex. Its cyber environment was fully managed by a third party, creating shared responsibilities for data protection, incident response, legal obligations, and cyber insurance. To prepare leadership for a real-world cyber event, the company engaged Juno Risk to deliver practical, scenario-based cyber training.
Our Approach
Juno Risk began with an executive-level cyber tabletop exercise tailored to this third-party operating model. The scenario tested decision-making under pressure, including escalation, communications, HR considerations, and coordination with the external provider. The exercise quickly highlighted gaps in clarity around decision-making authority, risk ownership, and the practical implications of a shared cyber insurance policy.
To address these issues, Juno Risk facilitated discussions between legal counsel and insurers to clarify roles, responsibilities, and coverage during a cyber incident. We then supported a Board-level ransomware tabletop aligned to a newly developed playbook, focused on a third-party data breach where the organization retained reputational risk but limited control over response actions.
Outcome
By the end of the engagement, executives and directors had hands-on experience navigating a complex cyber scenario, a clearer understanding of third-party dependencies and decision boundaries, and greater confidence in their ability to manage a cyber crisis.