Issue 159 – May 2025
RISK SOLUTIONS

Risk Managers Roundtable Highlights the Importance of Cyber Resilience
As part of the California JPIA Risk Managers Roundtable series, the Authority recently hosted an insightful webinar discussing the new National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0. The session was presented by Paul Edge, CEO of Triden Group, the Authority’s cybersecurity business partner. Edge explored the importance of aligning cybersecurity posture with the updated NIST CSF 2.0 to strengthen organizational resilience, improve executive-level decision-making, and reduce cyber risks. Participants also learned how adopting the framework supports cyber insurability, helping members meet underwriting priorities such as:
- Multi-Factor Authentication (MFA)
- Endpoint Detection and Response (EDR)
- Regularly tested, isolated, immutable backups that can be reliably restored
- Documented incident response plans
- Regular vulnerability scanning
- Employee security awareness training
These practices improve insurability and align with NIST’s core focus areas of protecting against and recovering from cyber threats.
Additionally, Edge highlighted common gaps identified among California JPIA member agencies, including:
- Inconsistent patch management
- Lack of formal cyber risk management processes
- Missing incident response plans
- Limited threat detection tools (Managed Detection and Response (MDR)/EDR)
- Over-reliance on Managed Service Providers (MSPs) without adequate oversight of MSP security practices
For those Authority members unable to attend, the recording is available using the webinar link.
As a reminder, members have access to fully funded cybersecurity services through the Authority’s partnership with Triden Group, including:
- A cybersecurity maturity assessment based on the NIST CSF
- Internal and external vulnerability scans to help identify and address security gaps
Additionally, the Authority has secured a Master Services Agreement with Triden, allowing members to engage them directly, at preferred pricing, for services such as:
- Penetration testing
- Incident response tabletop exercises
- Cybersecurity training
- Follow-up assessments
Finally, the Authority also offers the following member resources:
- KnowBe4 for security awareness training and phishing simulations
- Eagle Eye, a cyber risk management platform with checklists, website assessments, and tracking tools
- eRiskHub, an online portal with incident response planning tools, policy templates, and more
If you are interested in any of these services or need help accessing them, please contact your regional risk manager.