Cyber Risk and Defense Contractors
A Complete Solution - Affordable, Online for all Requirements
Cyber Risk and Defense Contractors
Threats facing DoD’s unclassified information have dramatically increased. DoD now mandates an annual compliance program, administered by DCAA, with enforcement set to begin in earnest in 2020. The regulations now require Small and Medium Sized DoD contractors to obtain and act on three minimum requirements:
- An annual cyber risk assessment, conducted by an independent third party.
- Compliance with the DFARS rules on Safeguarding Covered Defense Information and Cyber Incident Reporting; and
- Compliance with NIST SP-800-171, a Special Publication addressing cyber protection for controlled unclassified information (CUI).
AssuredOne™ offers a unique, cost-efficient suite of protections—Full compliance with all 3 requirements, cyber risk insurance* (for most), and services (through Assured Enterprises) from seasoned cybersecurity professionals to help you address your gaps, questions and concerns.

AssuredOne 360˚ - Cyber Risk Protection
- A cyber risk assessment, tailored to your needs, which results in a RoadMap report on compliance, a CyberScore® benchmarking which measures your level of compliance and which includes threat analysis and comparisons with other similarly sized defense contractors.
- Reports on both Regulatory requirements from the DFARS and from NIST.
- If qualified, a cyber risk insurance policy, with no deductible, to give you peace of mind
- A highly qualified service team from Assured Enterprises on call to address your special needs, when and as they arise.
Innovative Cybersecurity and Cyber Insurance for Everyday Defense Contractor
The cybersecurity compliance requirements apply to all Defense Contractors, regardless of size or role with the DoD. Contractors with NASA and via GSA also face compliance issues. For more on NASA and GSA compliance please contact us.
Not every DoD contractor is created equal, nor are the risks, threats and operational requirements the same. Those who offer a standard, static approach don’t understand your business. That’s why our approach is to tailor the cyber risk assessment to your size and level of risk.
Small or Low Risk
Companies
- Typically, below $20M in annual gross revenue and fewer than 50 employees
- No handling of classified information
- Typically, service oriented or a provider of a discreet product(s)
- May not know if you have cyber risk insurance coverage in any of your existing policies
- Has not had a data breach in the last 2 years or
- Has had a data breach in the last 2 years
- Likely has third party service provider to manage IT for your company
- Likely suited for Tier 1- Tier 4 of Cyber Health Essentials™, our self-guided, online cyber risk assessment system
Medium Sized Organization
or Moderate Risk
- Gross Revenue, typically $20-$30M with fewer than 70 employees
- May have personnel with clearances up to and including TS/SCI
- May provide analytical or other sophisticated goods and/or services
- May have a nagging need for cyber risk insurance—but not sure where to go
- May have proprietary software in operation
- Likely has in-house personnel to supervise some IT or network functions
- Likely suited for Tier 1 or Tier 2 of Cyber Pro Maturity™—our self-guided, online cyber risk assessment for this size/risk level of company
Large Companies &
or High-Cyber Risk
- Gross Revenue, typically above $30M with more than 70 employees
- Has personnel with security clearances, or
- Handles sensitive non-classified information in which a nation-state might have interest
- Teams with a significantly larger DoD contractor
- Provides data on a regular or continuous basis
- Has API interfaces or other IT network and communications operational requirements
- Likely suited for an in-person comprehensive cyber risk assessment, Assured’s TripleHelix® assessment system
- May need an Insurance Gap Analysis to identify overlapping coverages or inconsistent requirements among and between multiple policies
- A strong candidate for larger, tailored cyber risk insurance coverage
A Special Opportunity for Maryland DoD Contractors
Defense contractors in Maryland generate more than $57 billion in economic impact for the region. To assist organizations who see more than 10% of their business from defense contracts, Maryland now offers an economic assistance program to help these companies with their cybersecurity expenditures.
The Maryland Defense Cybersecurity Assistance Program, or DCAP, requires that organizations have a physical location in Maryland. The program’s purpose is to ensure that DoD contractors in the state have a third-party, independent cyber risk assessment and are in compliance with NIST SP 800-171 and DFARS requirements. Contact us to find out more about how we can help.
A Suite of Cyber Protection
Risk Assessment: Tailored to your size and probable risk profile. Online, self-guided, with service support, as needed. No onsite visit required.
CyberScore®: Imagine a cyber risk score based on the facts of your business, the security posture of your network, the quality of your documentation and more objective facts. Calibrated score from 300 to 850—same as used by FICO® scoring, so that you can understand immediately your security ranking, coupled with some information about risk in your industry and how you might be seen in comparison to others—that and more is CyberScore®
Regulatory Reports: Both the DFARS and NIST SP 800-171 requirements available online so you can quickly see your compliance posture. Need help improving or closing a nagging gap? Just contact us and we can help.
Cyber Insurance: Policy limits of $250,000 are typically provided, but some may qualify for larger policies. Our cyber insurance plan at the $250,000 level carries no deductible and allows you to combine with most other insurance policies so that your most expensive gap—deductible and other out of pocket costs likely may be covered.
Risk Assessment: Tailored to your size and probable risk profile. Online, self-guided, with service support, as needed. No onsite visit required.
CyberScore®: Imagine a cyber risk score based on the facts of your business, the security posture of your network, the quality of your documentation and more objective facts. Calibrated score from 300 to 850—same as used by FICO® scoring, so that you can understand immediately your security ranking, coupled with some information about risk in your industry and how you might be seen in comparison to others—That and more is CyberScore®
Regulatory Reports: Both the DFARS and NIST SP 800-171 requirements available online so you can quickly see your compliance posture. Need help improving or closing a nagging gap? Just contact us and we can help.
Cyber Insurance: Policy limits of $250,00 are typically provided, but some may qualify for larger policies. Our cyber insurance plan at the $250,000 level carries no deductible and allows you to combine with most other insurance policies so that your most expensive gap—deductible and other out of pocket costs likely may be covered.
AssuredOne's Expertise

Libby Benet, past-president of AssuredOne, discusses effective management of cybersecurity threats in this two part episode of the Paradigm Shift Podcast.

Chairman and CEO of Assured Enterprises Inc., Stephen Soble, spoke with Information Security Media Group in London.

In Episode 68 of the Paradigm Shift Podcast, Libby Benet, past-president of AssuredOne, discusses her path from lawyer to insurance executive to cybersecurity advocate in The Truth and the Myth of Managing Cyber Security Risk.