Editorial

Seven questions to ask if you’re considering cyber insurance

The NCSC has come up with a set of questions to help firms make decisions about cover against cyberattacks

Posted 6 August 2020 by Christine Horton


The National Cyber Security Centre (NCSC) has released a new guide for organisations thinking about taking out cyber insurance.

The advice highlights seven cybersecurity questions firms should be asking to help them make informed decisions about cover. They range from what levels of defence are already in place to whether the insurance covers the aftermath of an incident.

“Businesses rightly want to be as informed as possible before they invest, but when it comes to cyber insurance there simply hasn’t been enough information up to now,” said Sarah Lyons, NCSC deputy director for economy and society engagement.

“That’s why it’s so important for the NCSC as the UK’s leading cyber authority to offer our support by providing some clarity on the key issues to consider to ensure cybersecurity.

“Cyber insurance may not be right for everyone and it can never replace basic good security practice, but I would urge businesses to consider our guidance to help make the decision that’s right for them.”

The questions are:

  • What existing cybersecurity defences do you already have in place?
  • How do you bring expertise together to assess a policy?
  • Do you fully understand the potential impacts of a cyber incident?
  • What does the cyber insurance policy cover (or not cover)?
  • What cybersecurity services are included in the policy, and do you need them?
  • Does the policy include support during (or after) a cybersecurity incident?
  • What must be in place to claim against (or renew) your cyber insurance policy?

Having insurance can help businesses with recovery if they fall victim to a cyberattack by reducing disruption to operations and providing financial protection.

“It is vital businesses take action to protect themselves and their customers from security risks and cyber insurance can play an important part in robust risk management strategies,” said Digital Infrastructure Minister, Matt Warman.

“I encourage firms to consider this guidance and use programmes such as Cyber Essentials to make sure they have fundamental cybersecurity defences in place.”

However, NCSC reiterated that cover cannot prevent a breach from happening, so it is vital for organisations to ensure they have fundamental cybersecurity defences in place, pitching its own Cyber Essentials scheme.

Cyber Essentials allows UK organisations to assess whether they have the measures in place to protect themselves from the most common cyber threats – and if they do, they receive certification from the NCSC, in partnership with IASME Consortium.
