Case Study: Norfolk County achieves cyber insurance compliance and improved third‑party access management with CyberArk

Norfolk county meets strict insurance guidelines and improves third-party access management

Norfolk County, a rural municipality in Ontario serving about 63,000 residents, faced growing cyber risk from remote work, high vendor access and limited IT staff after incidents like exposed payroll data and a small ransomware outbreak. With roughly 20 third-party suppliers and strict cyber-insurance requirements, the county needed better control, visibility and automation for privileged accounts and vendor access.

Working with CDW and CyberArk, Norfolk County deployed CyberArk Privilege Cloud (with Vendor Privileged Access Manager and a PAM jumpstart) to centrally vault and rotate credentials, enforce MFA for vendors, and isolate and monitor privileged sessions. The implementation met insurer conditions, gave the IT team clear oversight of contractor activity, reduced service disruptions, and improved productivity while delivering scalable threat reduction across on‑premises and cloud systems.

Norfolk County

Brent Wallace

Director IT Corporate Service Division