Seven Cyber Security Questions Businesses Need To Ask Themselves

Britain's National Cyber Security Centre (NCSC) has said, after calls for expert technical advice on the growing cyber insurance market, it made the decision to offer the following questions for senior leaders within organisations.  The new guidance highlights seven cyber security questions that businesses should consider before buying insurance.
 
The NCSC has prepared the cyber insurance guidance in consultation with a range of major stakeholders and industry partners.
 
Businesses are today being urged to consider these seven key security questions as cyber experts roll out a support package to help them with online working during the coronavirus pandemic. COVID-19 has seen many businesses shutter their physical premises and move their operations online, as far as possible. Internet shopping and home working have, almost overnight, become the norm
 
This shift in working practices is very likely to have changed the nature and priorities of the IT services and support which your business requires.
 
The NCSC Urges Businesses To Focus On Answering The Following Seven Questions:
  1.   What existing cyber security defences do you already have in place?
  2.   How do you bring expertise together to assess a policy?
  3.   Do you fully understand the potential impacts of a cyber incident?
  4.   What does the cyber insurance policy cover (or not cover)?
  5.   What cyber security services are included in the policy, and do you need them?
  6.   Does the policy include support during (or after) a cyber security incident?
  7.   What must be in place to claim against (or renew) your cyber insurance policy?
The advice was launched in consultation with major stakeholders and puts the emphasis on companies to think about insurance and risk management strategies. “Businesses rightly want to be as informed as possible before they invest, but when it comes to cyber insurance there simply hasn’t been enough information up to now,” said Sarah Lyons, NCSC deputy director for economy and society engagement....Cyber insurance may not be right for everyone and it can never replace basic good security practice, but I would urge businesses to consider our guidance to help make the decision that’s right for them....Last but not least, this guide helps to clarify that cyber insurance is part of a robust cybersecurity resilient strategy and not the only solution to the evolving risk and exposure,” Lyons said.
 
These questions are intended to help organisations gain a better understanding of the following key areas of corporate security: 
  • Actions needed from the risk management point of view prior to transferring the risk to insurers
  • What to expect during the insurance purchase process
  • Who needs to be involved from the company side; ultimately cyber is an enterprise risk 
  • The Role of the insurance broker or agent
  • Overall information needed by insurers to be able to assess the risk
The NSCS guidance has been welcomed by the British Insurance Brokers’ Association on the basis that, since nearly half of UK firms have reported a cyber attack over the last year, insurance brokers will be in a better position to provide support and advice to firms looking for cover.
 
Furthermore, businesses will benefit from reducing the impact of disruption caused by a cyber attack.  Having insurance can help businesses with recovery if they fall victim to a cyber-attack by reducing disruption to operations and providing financial protection. 
 
While insurance cover can't prevent a breach happening so it is vital for organisations to ensure they have fundamental cyber security defences in place, such as those assessed by the NCSC Cyber Essentials.  Having NCSC certification may in some cases even help with getting a discount on cyber insurance, as insurers know you have implemented basic protections.
 
NCSC:     NCSC:       Insurance Business:       Government Computing:       Infosecuity Magazine
 
For advice about carrying out an effective Cyber Security Audit please contact Cyber Security Intelligence.
 
You Might Also Read:
 
What Is A Cyber Security Audit?:
 
 
 
 
 
« Chinese Hackers Aim To Plunder Taiwan's Semiconductor Industry
Cyber Security Technology Sponsors Formula 1 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZM CIRT

ZM CIRT

ZM CIRT is the national Computer Incident Response Team for Zambia.

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer SIT is a research centre specialising in all areas of IT security.

Global Security Network (GSN)

Global Security Network (GSN)

GSN focuses on specialized IT Security solutions & services for the military, law enforcement, critical infrastructure and oil & gas sectors in the Middle East.

OGiTiX

OGiTiX

OGiTiX Software AG is a German software manufacturer specializing in Identity and Access Management.

Kymatio

Kymatio

Kymatio are pioneers in Artificial Intelligence applied to adaptive staff strengthening, cultural change and predictive internal risk analysis.

Haechi Audit

Haechi Audit

Haechi Audit is a leading smart contract security audit firm. We provide the most secure smart contract security audit and smart contract development services to our global clients.

Cyber Polygon

Cyber Polygon

Cyber Polygon is an annual online exercise which connects various global organisations to train their competencies and exchange best practices.

Aigner Business Solutions

Aigner Business Solutions

Aigner Business Solutions GmbH is a specialist in IT-Security and Data Protection. Concise and focussed.

Argentra

Argentra

Argentra is a specialist engineering company, we have years of experience developing custom security software and providing security risk consulting.

Fenix24

Fenix24

Fenix24 is an industry leader in the incident-response space. We ensure the fastest response, leading to the full restoration of critical infrastructure, data, and systems.

Advent One

Advent One

Advent One are recognised for solving intricate dilemmas, not only making technology work but building foundations that customers can grow upon in an effective and secure way.

Seedcamp

Seedcamp

Seedcamp identify and invest early in world-class founders attacking large and global markets through disruptive technology in areas including AI, cybersecurity, and Fintech.

Beetles Cyber Security

Beetles Cyber Security

Beetles is a crowdsourced penetration testing platform designed to build a trusted, hacker-centric approach to protectan organization’s digital attack surface.

Gogolook

Gogolook

Gogolook is a leading TrustTech company. With "Build for Trust" as its core value, it aims to create an AI- and data-driven global anti-fraud network as well as Risk Management as a Service.

Paramount Defenses

Paramount Defenses

Paramount Defenses have unrivaled capability in two of the most critical areas in cyber security today – Active Directory Security and Privileged Access.

Lyvoc

Lyvoc

Lyvoc is a premier cybersecurity integration partner renowned for its expertise in supporting its clients to accelerate and secure their digital transformation.