Seven Cyber Security Questions Businesses Need To Ask Themselves

Britain's National Cyber Security Centre (NCSC) has said, after calls for expert technical advice on the growing cyber insurance market, it made the decision to offer the following questions for senior leaders within organisations.  The new guidance highlights seven cyber security questions that businesses should consider before buying insurance.
 
The NCSC has prepared the cyber insurance guidance in consultation with a range of major stakeholders and industry partners.
 
Businesses are today being urged to consider these seven key security questions as cyber experts roll out a support package to help them with online working during the coronavirus pandemic. COVID-19 has seen many businesses shutter their physical premises and move their operations online, as far as possible. Internet shopping and home working have, almost overnight, become the norm
 
This shift in working practices is very likely to have changed the nature and priorities of the IT services and support which your business requires.
 
The NCSC Urges Businesses To Focus On Answering The Following Seven Questions:
  1.   What existing cyber security defences do you already have in place?
  2.   How do you bring expertise together to assess a policy?
  3.   Do you fully understand the potential impacts of a cyber incident?
  4.   What does the cyber insurance policy cover (or not cover)?
  5.   What cyber security services are included in the policy, and do you need them?
  6.   Does the policy include support during (or after) a cyber security incident?
  7.   What must be in place to claim against (or renew) your cyber insurance policy?
The advice was launched in consultation with major stakeholders and puts the emphasis on companies to think about insurance and risk management strategies. “Businesses rightly want to be as informed as possible before they invest, but when it comes to cyber insurance there simply hasn’t been enough information up to now,” said Sarah Lyons, NCSC deputy director for economy and society engagement....Cyber insurance may not be right for everyone and it can never replace basic good security practice, but I would urge businesses to consider our guidance to help make the decision that’s right for them....Last but not least, this guide helps to clarify that cyber insurance is part of a robust cybersecurity resilient strategy and not the only solution to the evolving risk and exposure,” Lyons said.
 
These questions are intended to help organisations gain a better understanding of the following key areas of corporate security: 
  • Actions needed from the risk management point of view prior to transferring the risk to insurers
  • What to expect during the insurance purchase process
  • Who needs to be involved from the company side; ultimately cyber is an enterprise risk 
  • The Role of the insurance broker or agent
  • Overall information needed by insurers to be able to assess the risk
The NSCS guidance has been welcomed by the British Insurance Brokers’ Association on the basis that, since nearly half of UK firms have reported a cyber attack over the last year, insurance brokers will be in a better position to provide support and advice to firms looking for cover.
 
Furthermore, businesses will benefit from reducing the impact of disruption caused by a cyber attack.  Having insurance can help businesses with recovery if they fall victim to a cyber-attack by reducing disruption to operations and providing financial protection. 
 
While insurance cover can't prevent a breach happening so it is vital for organisations to ensure they have fundamental cyber security defences in place, such as those assessed by the NCSC Cyber Essentials.  Having NCSC certification may in some cases even help with getting a discount on cyber insurance, as insurers know you have implemented basic protections.
 
NCSC:     NCSC:       Insurance Business:       Government Computing:       Infosecuity Magazine
 
For advice about carrying out an effective Cyber Security Audit please contact Cyber Security Intelligence.
 
You Might Also Read:
 
What Is A Cyber Security Audit?:
 
 
 
 
 
« Chinese Hackers Aim To Plunder Taiwan's Semiconductor Industry
Cyber Security Technology Sponsors Formula 1 »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Vitrociset

Vitrociset

Vitrociset design complex systems for defence, homeland security, space and transport. Activities include secure communications and cybersecurity.

Ipsidy

Ipsidy

Our identity platform enables mobile users to more easily authenticate their identity to a mobile phone or portable device of their choosing.

RevenueStream

RevenueStream

RevenueStream uses an innovative algorithmic approach to intercept and prevent payment fraud before it even happens.

Virgil Security

Virgil Security

Virgil Security provides easy-to-deploy and easy-to-use cryptographic software and services for use by developers and end-users.

Fortra

Fortra

Fortra (formerly HelpSystems) is your cybersecurity ally, unified through the mission of providing solutions to organizations' seemingly unsolvable cybersecurity problems.

Fischer Identity

Fischer Identity

Fischer Identity provide identity & access management and identity governance administration solutions.

Founder Shield

Founder Shield

Founder Shield is a data driven insurance brokerage focused excusively on rapidly evolving high-growth companies.

Systems Assessment Bureau (SAB)

Systems Assessment Bureau (SAB)

Systems Assessment Bureau is an internationally recognized ISO Certification Body with a unique vision of “Excel together with global standards”.

Char49

Char49

Char49 specialize in Penetration Testing, Red Team Assessment, Social Engineering and Security Research.

Otto

Otto

Stop Client-Side Attacks. Plug otto into your application security suite and protect your supply chain.

Guardey

Guardey

Guardey protects thousands of SME's environments. Whether your team works at the office, at home, at the customer or remotely. We protect your business. We do this in an accessible and affordable way.

Cerby

Cerby

Your team uses unmanageable applications that put you, your company, and your data at risk. Protect, secure, and accelerate your business automatically with Cerby.

AdronH

AdronH

AdronH is a company of Cyber Security consultants. We support companies and public institutions with their digital transformation to new and secure business platforms.

SecureFlag

SecureFlag

SecureFlag is dedicated to enhancing secure coding across all technical profiles within the Software Development Lifecycle.

Replica

Replica

Replica creates authentic virtual environments that ensure identities and assets are always protected no matter where or what work needs to get done.

Hopper Security

Hopper Security

The Future of Open-Source Risk Management Starts Here. We built Hopper to make sure you can harness the power of Open-Source safely and effectively.