The National Cyber Security Centre (NCSC) has launched its first-ever advice on cyber insurance, as well as outlining the seven key questions that businesses should address when considering cyber security.
In its guidance, newly published online, it urges businesses to focus on the following:
- What existing cyber security defences do you already have in place?
- How do you bring expertise together to assess a policy?
- Do you fully understand the potential impacts of a cyber incident?
- What does the cyber insurance policy cover (or not cover)?
- What cyber security services are included in the policy, and do you need them?
- Does the policy include support during (or after) a cyber security incident?
- What must be in place to claim against (or renew) your cyber insurance policy?
The advice was launched in consultation with major stakeholders and puts the emphasis on companies to think about insurance and risk management strategies.
“Businesses rightly want to be as informed as possible before they invest, but when it comes to cyber insurance there simply hasn’t been enough information up to now,” said Sarah Lyons, NCSC deputy director for economy and society engagement.
“Cyber insurance may not be right for everyone and it can never replace basic good security practice, but I would urge businesses to consider our guidance to help make the decision that’s right for them.”
The guidance has been welcomed by the British Insurance Brokers’ Association, with a spokesperson stating it “clearly explains how good cyber security and suitable insurance go hand in hand.
“Insurance brokers can provide support and advice to firms looking for cover and in turn businesses benefit from reducing the impact of disruption caused by a cyberattack,” the spokesperson said.
Meanwhile, the Association of British Insurers noted that nearly half of UK firms have reported a cyberattack over the last year.
“This NCSC guide reinforces just how wide-ranging and serious the impact of a cyberattack can be, and why it is important to manage your cyber risk and put cyber security measures in place,” said an ABI spokesperson.