Janet Williams, the lead on cybercrime for the Association of
Chief Police Officers, has told the FT that companies should be
denied insurance cover against cyber attacks unless they are able
to meet a minimum 'kitemark' security standard.
Williams called on companies to ensure that they have good
information assurance, and argued that if insurance companies
refuse cover to companies who don't, the UK will soon see a rise in
"really good cyber security really fast."
Williams' comments were welcomed by information assurance firm
NCC Group.
Rob Cotton, CEO of NCC Group, comments:
"We've long campaigned to raise awareness of information assurance
as part of a business's continuity and good governance planning.
But 'awareness' in the business arena can be intangible - it needs
to be generated and maintained by frameworks and regulations.
"Insurers are incredibly strict with companies in areas of
physical security. The same 'locked door' policy must be extended
to company data and customer information - customers need to view
their digital information as an asset that is as vulnerable to
theft as physical goods.
"A 'kitemark' for insurers is a great idea in theory, but it would
have to include testing and scanning by approved, independent
companies to carry real weight. We are fortunate in the UK to
already have approval and certification schemes in place to verify
companies providing these services - namely the CREST and CHECK
schemes - so there is a strong platform in place to work with
insurers.
"The UK is in a great position to take proactive steps towards
making information assurance as integral to business practice as
physical security."