Motor Accident Commission South Australia
•.Address ongoing cyber security concerns.
•.Protect investments and customer data more effectively.
•.Improve customer privacy safeguards.
•.Deploy CSC’s StrikeForce ethical hacking team to identify security vulnerabilities.
•.Leverage CSC’s cyber security products and Enterprise Security Roadmap.
•.Implement an agile Information Communication Technology (ICT) system.
•.Significantly improved cyber security protection.
•.Successful integration of cyber security products and services into a cohesive system.
•.Higher confidence in cyber security among board of directors.
Security and customer privacy are of paramount importance for insurance companies and government entities, even more so when a single organisation plays both roles. Needing to improve its cyber security posture, Motor Accident Commission (MAC) South Australia brought in CSC to spearhead the effort.
Located in Adelaide, MAC acts as a regulatory body for the state government in South Australia and as a compulsory third party (CTP) insurer, providing compensation to victims of road accidents. Insuring more than 1.3 million vehicles, MAC pays out approximately $360 million in compensation each year to crash victims. MAC also conducts extensive road safety campaigns and manages the CTP Fund investment portfolio.
With only 30 full-time employees, MAC lacked cyber security expertise. “Cyber Security is very important to us,” says Jerome Maguire, MAC’s CEO. “We have some very sensitive areas of our business, one of those being our investment portfolio.”
Maguire says that with some 6,000 injury claims being processed annually, making sure personal health data is available only to those who need to know is a top priority. “Personal information is also a pivotal point, and we see CSC as helping us build some of those critical platforms to get there,” he says.
CSC used a phased approach in addressing MAC’s security concerns. As with a typical cyber security engagement, CSC deployed its highly acclaimed StrikeForce ethical hacking team to test MAC’s systems, looking for vulnerabilities. CSC was also integral in developing an improved Information-Communication Technology (ICT) system for MAC.
A CSC cyber security executive said, “MAC had some concerns that there was an issue that could occur, and we engaged our consultants in StrikeForce, who came in and found that there were vulnerabilities that could be exploited. We worked together with MAC to help and present to the board how the commission could actually remedy those issues.”
Cyber criminals are relentless, constantly coming up with new techniques, so staying ahead of the game is important. Blake says, “CSC has invested a lot of time, energy and effort into keeping our people skilled, making sure that we keep providing top-level resources to companies.”
The next phase was to tap into CSC’s security technology stack and provide MAC with a comprehensive enterprise security road map. This involved “a security-based line analysis of their entire organisation, including their governance processes and their procedures, ensuring that all their third parties are interlocked and that their contractual obligations are being met.”
One of the keys to CSC’s cyber security approach was to identify the hardware and software solutions currently in place that would produce the best results for the client to maximise its current investment.
“There’s no company that has one product that will fix everything, as security is multifaceted. What CSC brings to the table is the ‘cyber confidence’ approach and the ability to integrate our products and services as part of the security technology stack. This positions our customers correctly right now, and allows them to respond flexibly as the environment changes.”
MAC’s leadership was pleased when CSC presented the new cyber security initiatives to its board of directors. Roger Emery, MAC’s commission secretary and internal auditor, says that CSC provided the organisation with confidence. “The thing that struck us about CSC was not only the fact that they were willing and able to work for us, but that they wanted to work with us. And, you know, that’s very important, and it gave us confidence in the organisation that they were prepared to work with us to solve the problems and also help us as we move forward.”