Cyber security is essential in today’s marketplace
The insurance industry and government discussed how to grow the cyber insurance market to improve cyber security for UK businesses.
On 5 November, Francis Maude, Minister for the Cabinet Office with responsibility for the UK Cyber Security Strategy, co-hosted a summit ofCEOs from the UK’s insurance sector in conjunction with Marsh, the insurance broker and risk adviser, to discuss how the sector can help ensure that the UK is one of the safest places to do business in cyberspace.
Read the joint statement from government and the insurance industry.
Yesterday's event was the first of its kind and marks closer collaboration between government and industry to help promote the growth of the cyber insurance market as a means of improving cyber security risk management. The insurance sector is in a strong position to drive improvements in cyber security risk management. The sector recognises the role it can play in improving good practice by asking the right questions of customers in relation to their cyber breach and operational risk policies.
Cyber threats pose a considerable risk to UK companies and industry is by far the biggest victim of cyber crime. 81% of large businesses and 60% of small businesses suffered a breach in the last year with the average cost of breaches to business nearly doubling since last year (see the 2014 Information Security Breaches Survey).
Minister for Cabinet Office, Francis Maude said:
Protecting the cyber security of UK businesses is an important part of this government’s long-term economic plan – we want the UK to be one of the most secure places in the world to do business. We want to support the growth of a cyber insurance market in the UK so we are very pleased to come together with the UK’s world-renowned insurance sector. Cyber insurance does not replace the need for good cyber security practice but is an added protection for businesses in the event of breaches.
Mark Weil, CEO of Marsh UK & Ireland, said:
As recent network attacks and data breaches have demonstrated, cyber security events can quickly accumulate significant costs, inflict reputational damage, and undermine investor confidence. A massive data breach will invite litigation, generate regulatory fines, and instigate law enforcement investigations. Cyber attacks can even cause physical damage by manipulating control processes. Companies should be assessing their vulnerability to cyber attack and taking advantage of risk management and insurance solutions to mitigate the potential for these events to harm their business.
John Hurrell, CEO of Airmic, the UK association for risk managers and insurance buyers, said:
Cyber risk is an enormous challenge which cuts across a wide range of stakeholders and this initiative correctly recognises the need for a coordinated effort to improve the management of cyber risk in business. Airmic very much welcomes closer engagement between the government and the insurance industry, and believes the insurance industry has a critical role to play in improving awareness and informing the debate. We hope that this will in turn foster closer working relationships between other key players, including between IT and risk functions within organisations.
A dozen of the UK’s leading insurers met with the Minister and Cabinet Office, UK Trade & Investment, Department for Business, Innovation & Skills and GCHQ officials to discuss the issue and agree a joint statement. It:
- highlights the risk to UK business posed by cyber attack
- recognises the role insurers can play in driving improvements in cyber security risk management
- commits industry and government to closer working to develop the UK’s cyber insurance market for this purpose
- supports the growth of a cyber insurance market in the UK
- announces the establishment of working groups to focus on key issues and report emerging conclusions back to the Cabinet Office in April 2015
This latest initiative builds on government’s ongoing partnership with industry under the National Cyber Security Programme (NCSP) to ensure that UK businesses have better cyber security protections in place. Guidance such as the 10 steps to cyber security for businesses and theCyber Essentials scheme provide clear practical advice on what cyber security controls organisations should have in place. The recent joint statement also recognises that the government and industry supported Cyber Essentials scheme helps businesses protect against the most common cyber threats.
Notes to editors
1) The National Cyber Security Strategy (NCSS), published in November 2011, provided government with a framework and objectives in tackling cyber threats, promoting awareness and providing a growing platform of strong private sector partnership. The strategy is supported by £860 million of funding from the National Cyber Security Programme which has helped put in place new initiatives and structures as part of the government’s response to growing threats in cyberspace.
2) In December 2013, government published the second annual report on progress against the strategy, achievements and spend on the NCSP as well as forward plans.
3) The NCSS has 4 objectives:
- to make the UK one of the most secure places in the world to do business in cyberspace
- to make the UK more resilient to cyber attack and better able to protect our interests in cyberspace
- to help shape an open, vibrant and stable cyberspace that supports open societies
- to build the UK’s cyber security knowledge, skills and capability
The NCSS sets out how the UK will support economic prosperity, protect national security and safeguard the public’s way of life by building a more trusted and resilient digital environment. It makes clear how the investment through the National Cyber Security Programme is being used and which departments are responsible for which actions, and it outlines how the government will take the opportunity to promote growth and minimise the economic impact of cyber attacks by cementing a new partnership with the private sector.
4) The £860 million programme funding provides backing for work to improve the UK’s cyber security capability but government can’t do this alone. Our whole approach hinges on building effective partnerships between government, law enforcement agencies, academia and the private sector. We’re also encouraging organisations within these spheres to work in partnership with each other.
5) The Cyber Essentials scheme was launched on 5 June 2014. This new government-backed and industry supported scheme guides businesses in protecting themselves against the most common cyber threats. Cyber Essentials is free to download and any organisation can use the guidance to implement essential security controls. Organisations successfully independently assessed by a certification body can achieve a Cyber Essentials award to demonstrate that they meet the government endorsed set of basic controls on cyber security.
6) The 10 steps to cyber security was published in 2012 and amalgamates advice from the security services and government departments to provide senior business leaders with guidance on cyber security best practice.
Latest News from
Government to set out proposals to reform care and support17/11/2017 13:25:03
First Secretary Damian Green has announced that the government will publish a green paper on care and support for older people by summer 2018.
Minister announces accessibility improvements to voter registration service15/11/2017 10:03:02
The voter registration service has been made more accessible for users, following an audit by the Government Digital Service Accessibility team.
Lead non-executive director appointment for Cabinet Office14/11/2017 09:25:20
Sir John Parker has been appointed as the lead non-executive director for the Cabinet Office and will take up the role from 15 November.
UK Youth Parliament 201710/11/2017 16:42:25
The Youth Parliament demonstrates that the voices of young people belong in politics.