Brit – Consistently Inconsistent
culture
Inclusion and Diversity
Corporate Social Responsibility
Team BRIT
Environmental, Social & Governance
Insurance
accident and health
casualty
public and products liability
employers liability
environmental liability
contingency
event cancellation
non appearance
film
prize indemnity
cyber
cpr
xdr
bcap industrial
xdr pro tech
first50
cyber claims
cyber knowledge hub
delegated authority
commercial property
flood
financial property
homeowners
directors & officers
energy
Renewable Energy
e-trading
financial institutions
fine art and specie
healthcare liability
marine
cargo
hull and marine war
keel
marine and energy liability
political risk trade credit
political violence / terrorism
political violence/london
private client
home
motor
travel
professional liability
small north american liabilty
north american professional liability london
programs
property
north american open market property
international property
uk property
transportation
Reinsurance
casualty treaty
international casualty treaty/london
north america casualty treaty/london
casualty treaty bermuda
property treaty
property treaty
property treaty bermuda
Claims
Claims Philosophy
Claims Innovation
Cyber Claims
industries
aerospace
aquaculture, equine and livestock
architects and engineers
commercial
construction
consumer goods
education
energy
events & entertainment
farming and agriculture
financial services
healthcare
municipalities
personal lines
professional services
real estate
religious and not-for-profit
retail
technology
transportation
utilities and industrial
careers
Careers
Why join Brit?
Why work in Insurance?
our business areas - speaking for ourselves
business area - actuarial
business area - claims
business area - finance
business area - internal audit
business area - operations
business area - risk
news
Brit Group
Brit Global specialty
Brit Re
Brit India
Camargue
financials and governance
Financials
Governance
executive & board
Risk
History of Brit
Working with FinTechs and InsurTechs
Fair Value Assessments
brokers and coverholders
leadership
innovation
contact
Complaints
Privacy Notice
Modern Slavery
Terms and Conditions
The latest from Brit

Brit Re

Brit appoints Jonathan Stephenson to lead Bermuda expansion

find out more

news

find out more
Gettyimages 1952274056

news

The DDoS (Distributed Denial-of-Service) attack on X this month again highlights the crucial nature of having a consistent roll out of cyber controls across an estate.  

Initial reports have suggested that not all of X server estate was properly secured behind Cloudflare’s DDOS Protection Service.  

The nature of these DDoS protection services has mitigated the frequency of DDoS attacks we have seen in recent years but is still reliant on being configured correctly across the entirety of an estate.  

Effective governance at a management level ensures that consistent controls are in place across the board, and as cringe worthy as it sounds, threat actor groups will continue to target the weakest link in the chain and choosing the path of least resistance.  

Governance can take the form of a BIA (business impact analysis) an exercise that highlights risks to the business, and the application of mitigating controls to reduce the level of risk from a likelihood and impact perspective. This includes a level of threat modelling, essentially asking what could happen to this asset, what would the result be to the business if this was to happen.  

Having a complete and formalised asset inventory can support this effort, this is essentially a list of everything you have, what it is and where it sits. This is the sort of document that would have supported X with showing the number of external facing servers it has currently. This in turn would have been used for the application of the Cloudflare service.  

Assurance is the marking of the homework; are the controls being applied in the way management intended?  Independence from the rest of the business is useful here as they are not subject to internal policies and roadblocks. These assurance activities should check the roll out but also, if possible, the configuration. This is driven from policies, what we should be doing, but also standards how we should be doing it. It is this checking of the consistency that will drive maturity.  

The above activities are all part of a wider information security management system that an organisation should look to adopt to manage their information security effectively to reduce the risk of a cyber event occurring.  

Securing Cloud-Native Enterprises: Insights from Brit's CISO

21-02-2025 |Cyber
Read more

Brit Acclaimed in the 2025 IBUK 5-Star Cyber

12-02-2025 |Brit Group
Read more

Breach response: leave it to the experts

24-01-2025 |Cyber
Read more

Ransomware negotiation: Don’t try this at home

18-03-2024 |Cyber
Read more

Digital Forensics:
Managing a Digital Crime Scene

19-09-2024 |Cyber
Read more

Addressing The Cyber Gap With SMEs

03-01-2025 |Cyber
Read more

Operational Technology (OT): Protecting Critical Systems in a Connected World

19-06-2024 |Cyber
Read more

Why Multi-Factor Authentication (MFA) Matters

05-12-2021 |Cyber
Read more

Brit - NIS2: What does it mean for cyber security?

30-11-2023 |Cyber
Read more
London Footer White

A Fairfax Company

©2025 Brit Group Services Limited. All rights reserved.