Plans to include Cyber Essentials certification in insurers’ risk assessments for SMEs revealed

HM Government, in conjunction with Marsh, one of the UK’s leading insurance brokers and risk advisors, has published a new report providing insight into the joint initiatives between government and the insurance sector to tackle cyber risk. The document, ‘UK cyber security: the role of insurance in managing and mitigating the risk’, acknowledges the role insurers can play in helping companies better manage their cyber risks.

A key agreement detailed by the report is that participating insurers will include the government’s Cyber Essentials certification as part of their risk assessment for small and medium-sized enterprises (SMEs).

According to the report, “the participating insurers operating in the SME insurance sector have agreed to build reference to the Cyber Essentials standard into their cyber insurance applications, and will look to simplify the application where accreditation has been achieved by the applicant.”

Francis Maude, Minister for the Cabinet Office with responsibility for the UK Cyber Security Strategy and Paymaster General, wrote in the report’s foreword:

“By asking the right questions in addressing cyber risks, insurers and insurance brokers can help promote the adoption of good practice, including the Government’s Cyber Essentials scheme, which will reduce the frequency and cost of breaches.”

Cyber risk is a boardroom issue

The report reveals that business leaders are often unaware that cyber risks are insurable. 52% of CEOs or CIOs of large organisations believe they have insurance that would cover them in the event of a breach, while in reality only 10% of surveyed companies have cyber cover, whether as standalone cover or implicit in other policies.

The report recommends that companies stop viewing cyber risk as largely an IT issue. They should instead treat it as a key commercial risk affecting all parts of their operations. It highlights the need for companies to put in place robust cyber security risk management arrangements, and stresses the role of the Cyber Essentials scheme in ensuring a minimum baseline of security.

Achieving Cyber Essentials certification

Launched in 2014, the government’s Cyber Essentials scheme provides a set of five controls that organisations can implement to establish a baseline of cyber security, and against which they can achieve certification to prove their credentials.

Certification to the scheme demonstrates to your customers and business partners that fundamental cyber security measures are in place, and provides evidence validating your organisation’s security posture.

IT Governance is a CREST-accredited Cyber Essentials certification body. To find out how our fixed-price Cyber Essentials solutions can help you achieve Cyber Essentials certification for as little as £300, click here for more information.