Phone 202 839-5563 


Cyber liability and Data Breach Insurance Consulting

Large Organizations are Small Organizations Too

Large public and private organizations are comprised of big, medium and small organizational components. Sharing a common understanding and unified messaging is critical to delivering business/mission value and security. 

Small and mid-size businesses are the largest group of employers. Thinking of large organizations separately from this group ignores very important opportunities to increase business value and security because they are all connected and interdependent.

RightExposure helps small businesses and large businesses

Problem Statement

  • Small businesses have limited capabilities, capacities and awareness to properly protect confidential information of their own and others in their business Eco-system.
  • All organizations depend on members of their business Eco-system to stay in business so they can continue to be provided with products and services they need.
  • All organizations depend on each other to protect confidential information shared intentionally and exposed to them unintentionally.
  • The assessment of business risks including cyber is an important step in awareness and ability to take action to protect the business.
  • Protecting documents associated with assessments such as security gap reports, security plans, plan of action milestones, and others is critical.

FTC Guidance for Cyber

The Federal Trade Commission easy to follow guidance for small businesses. 
 The FTC is going to update and release new guidance Oct 18th.

Is Your Business Prepared for an Emergency?
Is Your Data?

When an emergency strikes, your business’s most vulnerable asset may not be in the stockroom or warehouse. It could be the data that has been central to your success.  The FTC has six steps you can take to help protect your company’s information from the unpredictable.  

Secure Paper, Physical Media, and Devices

federal trade commission

High-profile hackers grab the headlines. But some data thieves prefer old school methods – rifling through file cabinets, pinching paperwork, and pilfering devices like smartphones and flash drives. As your business bolsters the security of your network, don’t let that take attention away from how you secure documents and devices.

FTC law enforcement actions, closed investigations, and experiences we’ve heard from businesses demonstrate the wisdom of adopting a 360° approach to protecting confidential data. As Start with Security suggests, securing paper, physical media, and devices is an important part of that strategy.

Internet of Things FBI

Cyber Actors use Internet of Things devices as proxies for anonymity and pursuit of malicious cyber activities.

NIST Releases SP 800-37 r2

Click for 800-37 Risk Management Framework

The National Institute of Standards announced the final public draft of Special Publication 800-37, Revision 2Risk Management Framework for Information Systems and Organizations–A System Life Cycle Approach for Security and Privacy.

NIST 800-171 Controlled Unclassified Information

The protection of Controlled Unclassified Information (CUI) resident in non-federal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its assigned missions and business operations.

Mitre Releases Supply Chain Guidance for DoD

Federal Communications Commission on Reasonableness

By clarifying that our standard is one of “reasonableness” rather than strict liability, we address one of the major concerns that providers—including small providers and their associations—raise in this proceeding.

Support for Announced

RightExposure is excited to announce our successful negotiation of a historic Memorandum of Understanding between the Small Business Administration supported Americas Small Business Development Centers and AJ Gallagher Affinity Insurance Program to support small businesses throughout the United States.  Keep tuned for details soon!

 Have something to help Small Businesses?

Product or service to help  Business Risk Management including Cybersecurity

 Insurance Data Security Law

National Association of Insurance CommissionersThe National Association of Insurance Commissioners have released the “Insurance Data Security Law” The intent of this Act is to establish standards for data security and standards for the investigation of and notification to the Commissioner of a Cybersecurity Event applicable to Licensees.  This Act may not be construed to created or imply a private cause of action for violation of its provisions nor may it be construed to curtail a private cause of action which would otherwise exist in the absence of this Act.  Click to read Insurance Data Security Law

Definitions:  “The critical starting point is to align to a common set of defined terminology. When companies are looking to implement compliance programs, starting with an understanding of the key terminology and definitions is a good place to start. For well-developed information security programs, starting over with defining terms may be wasteful…”

 South Carolina Insurance Data Security Law

The purpose and intent of this act is to establish standards for data security and standards for the investigation of and notification to the director of a cybersecurity event applicable to licensees. This act may not be construd to create or imply a private cause of action for a violation of its provisions nor may it be construed to curtail a private cause of action which would otherwise exist in the absence of this act.

NIST Cybersecurity Risk Management Conference

Nov 7-9,  The newly expanded conference format builds on the annual Cybersecurity
Framework Workshops held for the past five years and adds other cybersecurity risk management topics: Risk Management Framework, Supply Chain Risk Management, and the Privacy Framework. 
Renaissance Baltimore Harborplace Hotel, Baltimore, MD

President Trump Cyber Security Month

“Each of us can contribute by requesting more security from the products and services we use; using multi-factor authentication on our digital accounts and devices; leveraging private, protected, and secure networks; limiting how much personal information and location data we share; and taking other actions to secure the applications we use every day,” the proclamation states.

“I also encourage every American to learn more about how to protect themselves and their businesses through the Department of Homeland Security’s STOP.THINK.CONNECT. campaign and the Department of Commerce’s NIST Cybersecurity Framework,”  President Donald Trump

Controlled Unclassified Information Security Requirements Workshop

On Thursday, October 18, 2018, the National Institute of Standards and Technology (NIST), in coordination with the Department of Defense (DoD) and the National Archives and Records Administration (NARA), is hosting an informational workshop providing an overview of Controlled Unclassified Information (CUI), the Defense Acquisition Regulations System (DFARS) Safeguarding Covered Defense Information and Cyber Incident Reporting Clause, and NIST Special Publications 800-171 and 800-171A. 

American Bar Association Annual Meeting

Charlie Tupitza presented to the American Bar Association CyberSecurity Task force at their annual meeting August 5 in Chicago. Conversations addressed how the insurance industry can help support small and solo law practices in the United States and how taking advantage of the NIST Cybersecurity Framework is helpful to establish a common lexicon enabling the sharing of good practices. 

He also addressed the importance of all organizations to establish a clear policy regarding the sharing of cyber hygiene information.  One example is the request from the insurance industry for this information when it is not necessary.

Americas Small Business Development Centers
Annual Meeting

The 38th Annual America’s SBDC Conference takes place September 4-7, 2018, in Washington, DC, at the Washington Marriott Marquis. Every year our conference attracts 1,300+ SBDC professionals from all over the nation. These advisers, trainers and directors come together for professional development and networking.

"If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds."

"It is super invigorating to work with team members who have a singular focus which is driving greater value through greater product and capability out to the business." para phrasing his the rest of his comments: 'no body wants to do cyber or tech for the sake of tech. They want to solve a problem, that is real invigorating."

David Shive, CIO General Services Administration Tweet

“If you’re asking me if I think we’re at war, I think I’d say yes”…We’re at war right now in cyberspace. We’ve been at war for maybe a decade. They’re pouring oil over the castle walls every day.”

Gen Robert Neller, Commandant, USMC Tweet

Contact Us

Phone 202 839-5563 – – email

About us

Phasellus sodal dictum dolor quis fringilla. Nunc accumsan velit sit amet enim maximus solsodales.

Our mission

Help small businesses understand t

Our offer

  • sed accumsan enim rutrum
  • Etiam fringilla lobortis
  • Aenean iaculis magna

contact us

We look forward to connecting!