The National Institute of Standards and Technology (NIST) have recently released a new version of its world-renowned cyber security framework. The framework, which was originally developed in 2014, is designed to assist organisations to improve their cyber security maturity by improving their management of IT security risks and enhancing protection against cyber threats. The new standard draws upon feedback on the previous framework and takes account of emerging threats and technologies to ensure it remains relevant in the modern cyber security environment. As a result, there is a greater focus on cloud security, supply chain risks, and the threats associated with artificial intelligence, the Internet of Things (IoT) and identity-based threats.

In addition to updating the original five key areas of the previous version of the standard namely: Identify; Protect; Detect; Respond; and Recover, a new Govern section has also been added to ensure a robust strategic approach to cyber security is in place. A breakdown of the new areas of the framework is provided in the diagram below:

It is recommended that organisations review their cyber risk management arrangements against this new standard. Further information on the NIST Framework is available here.

Griffiths & Armour can conduct cyber insurance assessments in accordance with the NIST framework to aid the understanding of cyber risk exposure to inform the insurance risk transfer strategy. Further cyber risk and cyber incident response guidance supplemented by template policies and plan documentation plus e-learning is available via RMworks, which is available to all Griffiths & Armour clients. Further information on RMworks is available here.