Motor Accident Commission reforms critical IT platforms
Client:Motor Accident Commission South Australia
- Address ongoing cybersecurity concerns
- Protect investments and customer data more effectively
- Improve customer privacy safeguards
- Deploy CSC’s StrikeForce ethical hacking team to identify security vulnerabilities
- Leverage CSC’s cybersecurity products and Enterprise Security Roadmap
- Implement an agile Information Communication Technology (ICT) system
- Significantly improved cybersecurity protection
- Successful integration of cybersecurity products and services into a cohesive system
- Higher confidence in cybersecurity among board of directors
Security and customer privacy are of paramount importance for insurance companies and government entities, even more so when a single organization plays both roles. Needing to improve its cybersecurity posture, Motor Accident Commission (MAC) South Australia brought in CSC to spearhead the effort.
Located in Adelaide, MAC acts as a regulatory body for the state government in South Australia and as a compulsory third party (CTP) insurer, providing compensation to victims of road accidents. Insuring more than 1.3 million vehicles, MAC pays out approximately $360 million in compensation each year to crash victims. MAC also conducts extensive road safety campaigns and manages the CTP Fund investment portfolio.
With only 30 full-time employees, MAC lacked cybersecurity expertise. “Cybersecurity is very important to us,” says Jerome Maguire, MAC’s CEO. “We have some very sensitive areas of our business, one of those being our investment portfolio.”
Maguire says that with some 6,000 injury claims being processed annually, making sure personal health data is available only to those who need to know is a top priority. “Personal information is also a pivotal point, and we see CSC as helping us build some of those critical platforms to get there,” he says.
CSC used a phased approach in addressing MAC’s security concerns. As with a typical cybersecurity engagement, CSC deployed its highly acclaimed StrikeForce ethical hacking team to test MAC’s systems, looking for vulnerabilities. CSC was also integral in developing an improved Information-Communication Technology (ICT) system for MAC.
Alistair Blake, a CSC cybersecurity executive, says, “MAC had some concerns that there was an issue that could occur, and we engaged our consultants in StrikeForce, who came in and found that there were vulnerabilities that could be exploited. We worked together with MAC to help and present to the board how the commission could actually remedy those issues.”
Cybercriminals are relentless, constantly coming up with new techniques, so staying ahead of the game is important. Blake says, “CSC has invested a lot of time, energy and effort into keeping our people skilled, making sure that we keep providing top-level resources to companies.”
The next phase was to tap into CSC’s security technology stack and provide MAC with a comprehensive enterprise security roadmap. Blake says this involved “a security-based line analysis of their entire organization, including their governance processes and their procedures, ensuring that all their third parties are interlocked and that their contractual obligations are being met.”
Blake says one of the keys to CSC’s cybersecurity approach is to identify the hardware and software solutions currently in place that will produce the best results for the client to maximize its current investment.
“There’s no company that has one product that will fix everything, as security is multifaceted. What CSC brings to the table is the ‘cyberconfidence’ approach and the ability to integrate our products and services as part of the security technology stack. This positions our customers correctly right now, and allows them to respond flexibly as the environment changes.”
MAC’s leadership was pleased when CSC presented the new cybersecurity initiatives to its board of directors. Roger Emery, MAC’s commission secretary and internal auditor, says that CSC provided the organization with confidence. “The thing that struck us about CSC was not only the fact that they were willing and able to work for us, but that they wanted to work with us. And, you know, that’s very important, and it gave us confidence in the organization that they were prepared to work with us to solve the problems and also help us as we move forward.”