Seven Cyber Security Questions Businesses Need To Ask Themselves

Britain's National Cyber Security Centre (NCSC) has said, after calls for expert technical advice on the growing cyber insurance market, it made the decision to offer the following questions for senior leaders within organisations.  The new guidance highlights seven cyber security questions that businesses should consider before buying insurance.
 
The NCSC has prepared the cyber insurance guidance in consultation with a range of major stakeholders and industry partners.
 
Businesses are today being urged to consider these seven key security questions as cyber experts roll out a support package to help them with online working during the coronavirus pandemic. COVID-19 has seen many businesses shutter their physical premises and move their operations online, as far as possible. Internet shopping and home working have, almost overnight, become the norm
 
This shift in working practices is very likely to have changed the nature and priorities of the IT services and support which your business requires.
 
The NCSC Urges Businesses To Focus On Answering The Following Seven Questions:
  1.   What existing cyber security defences do you already have in place?
  2.   How do you bring expertise together to assess a policy?
  3.   Do you fully understand the potential impacts of a cyber incident?
  4.   What does the cyber insurance policy cover (or not cover)?
  5.   What cyber security services are included in the policy, and do you need them?
  6.   Does the policy include support during (or after) a cyber security incident?
  7.   What must be in place to claim against (or renew) your cyber insurance policy?
The advice was launched in consultation with major stakeholders and puts the emphasis on companies to think about insurance and risk management strategies. “Businesses rightly want to be as informed as possible before they invest, but when it comes to cyber insurance there simply hasn’t been enough information up to now,” said Sarah Lyons, NCSC deputy director for economy and society engagement....Cyber insurance may not be right for everyone and it can never replace basic good security practice, but I would urge businesses to consider our guidance to help make the decision that’s right for them....Last but not least, this guide helps to clarify that cyber insurance is part of a robust cybersecurity resilient strategy and not the only solution to the evolving risk and exposure,” Lyons said.
 
These questions are intended to help organisations gain a better understanding of the following key areas of corporate security: 
  • Actions needed from the risk management point of view prior to transferring the risk to insurers
  • What to expect during the insurance purchase process
  • Who needs to be involved from the company side; ultimately cyber is an enterprise risk 
  • The Role of the insurance broker or agent
  • Overall information needed by insurers to be able to assess the risk
The NSCS guidance has been welcomed by the British Insurance Brokers’ Association on the basis that, since nearly half of UK firms have reported a cyber attack over the last year, insurance brokers will be in a better position to provide support and advice to firms looking for cover.
 
Furthermore, businesses will benefit from reducing the impact of disruption caused by a cyber attack.  Having insurance can help businesses with recovery if they fall victim to a cyber-attack by reducing disruption to operations and providing financial protection. 
 
While insurance cover can't prevent a breach happening so it is vital for organisations to ensure they have fundamental cyber security defences in place, such as those assessed by the NCSC Cyber Essentials.  Having NCSC certification may in some cases even help with getting a discount on cyber insurance, as insurers know you have implemented basic protections.
 
NCSC:     NCSC:       Insurance Business:       Government Computing:       Infosecuity Magazine
 
For advice about carrying out an effective Cyber Security Audit please contact Cyber Security Intelligence.
 
You Might Also Read:
 
What Is A Cyber Security Audit?:
 
 
 
 
 
« Chinese Hackers Aim To Plunder Taiwan's Semiconductor Industry
Cyber Security Technology Sponsors Formula 1 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Quttera

Quttera

Quttera provides Website Security Solutions for Small & Medium Businesses, Enterprises and Organizations.

SecLytics

SecLytics

SecLytics is the leader in Predictive Threat Intelligence. Our SaaS-based Augur platform leverages behavioral profiling and machine learning to hunt down cyber criminals.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

Office of the National Security Council (UVNS) - Croatia

Office of the National Security Council (UVNS) - Croatia

UVNS coordinates, harmonizes the adoption and controls the implementation of information security measures and standards in the Republic of Croatia.

Aspen Insurance

Aspen Insurance

Aspen is a leading diversified specialty insurance and reinsurance company. Products offered include cyber insurance.

RISE

RISE

RISE is an independent, State-owned research institute, which offers unique expertise and over 100 testbeds and demonstration environments for future-proof technologies, products and services.

Gorodissky IP Security

Gorodissky IP Security

Gorodissky IP Security is a comprehensive approach to protecting your intellectual property on the Internet and beyond.

OnDefend

OnDefend

OnDefend delivers information security solutions that improve overall security posture, reduce risks and defend against continually evolving and persistent cyber adversaries.

DisruptOps

DisruptOps

Built for today’s cloud-scale enterprises, DisruptOps’ Cloud Detection and Response platform automates assessment and remediation procedures of critical cloud security issues.

Digital Identification & Authentication Council of Canada (DIACC)

Digital Identification & Authentication Council of Canada (DIACC)

DIACC is a non-profit coalition of public and private sector leaders committed to developing a Canadian framework for digital identification and authentication.

Kalima Systems

Kalima Systems

Kalima’s mission is to securely collect, transport, store and share Industrial IoT (IIoT) trusted data in real time with devices, services and mobile workers.

Mitigate Cyber

Mitigate Cyber

Mitigate Cyber (formerly Xyone Cyber Security) offer a range of cyber security solutions, from threat mitigation to penetration testing, training & much more.

FPG Technologies & Solutions

FPG Technologies & Solutions

FPG Technology is a technology solutions provider and systems integrator, specializing in delivering IT Consulting, IT Security, Cloud, Mobility, Infrastructure solutions and services.

Custom Computer Specialist (CCS)

Custom Computer Specialist (CCS)

CCS offers an extensive range of services including cybersecurity solutions, consulting, implementation, and support to help our clients maximize the value derived from IT investments.

Tausight

Tausight

Tausight is an AI-Powered patient data security startup with a mission of reducing healthcare cyber incidents using a more proactive, risk management philosophy.

Couno

Couno

Couno is a trusted provider of IT support services throughout the UK and Europe.