The Government wants to boost the uptake of cyber-insurance as a way of improving how UK organisations manage security risk, Minister for the Cabinet Office Francis Maude has said at a summit hosted with CEOs from the industry.
Building on the National Cyber Security Programme (NCSP), Maude revealed that the insurance industry would be working with the Government on working groups that would explore how cyber-insurance could be used to encourage best practice, model the industry response to attacks scenarios, and promote the UK as a secure place to do business.
The principle is that more available cyber-insurance would drive higher standards of security by design, over time helping to counteract the dramatic rise of threats to small firms in particular.
“We want to support the growth of a cyber-insurance market in the UK so we are very pleased to come together with the UK’s world-renowned insurance sector,” said Maude.
“Cyber insurance does not replace the need for good cyber security practice but is an added protection for businesses in the event of breaches.”
Cyber-insurance, of course, remains an undeveloped market, not just in the UK but globally. Cover tends to be highly defined and expensive and risk difficult to price because insurers don’t have enough data to work with.
The Government has attempted to address some of these issues its Cyber Essentials scheme aimed at SMEs, which seeks to establish the sort of basic standards upon which an insurable market could be built.
“As recent network attacks and data breaches have demonstrated, cyber security events can quickly accumulate significant costs, inflict reputational damage, and undermine investor confidence,” commented March UK CEO, Mark Weil, whose company co-hosted the summit.
“A massive data breach will invite litigation, generate regulatory fines, and instigate law enforcement investigations.”
Firms could use insurance to mitigate some of these risks, he said.
The working groups are due to report back in April 2015.