Large health insurer improves risk management plan with cybersecurity examination

Representative client

Large U.S. health insurer

Client need/request

Baker Tilly was asked by a state insurance department to perform a targeted cybersecurity examination as a subset of the financial examination.

Baker Tilly approach/tasks

We evaluated the regulated entity’s current state of cybersecurity management practices and control activities in the context of the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Our work included assessing inherent risk and identifying missing and weak controls associated with those risks. Baker Tilly was also tasked with providing recommendations for control improvement and assessing the implementation maturity of the entity's controls that have been mapped to the NIST Cybersecurity Framework.


Baker Tilly developed a confidential report that identified potential gaps, prioritized them by risk rating and recommended remediation activities for inclusion in the entity's overall risk management plan. The risk ratings were based on likelihood and impact for each vulnerability finding. Remediation activities were then integrated into the overall technology risk management plan.
