Kitemark Security Standard

Janet Williams, the lead on cybercrime for the Association of Chief Police Officers, has told the FT that companies should be denied insurance cover against cyber attacks unless they are able to meet a minimum 'kitemark' security standard.
 
Williams called on companies to ensure that they have good information assurance, and argued that if insurance companies refuse cover to companies who don't, the UK will soon see a rise in "really good cyber security really fast."
 
Williams' comments were welcomed by information assurance firm NCC Group.
 
Rob Cotton, CEO of NCC Group, comments:
 
"We've long campaigned to raise awareness of information assurance as part of a business's continuity and good governance planning. But 'awareness' in the business arena can be intangible - it needs to be generated and maintained by frameworks and regulations.
 
"Insurers are incredibly strict with companies in areas of physical security. The same 'locked door' policy must be extended to company data and customer information - customers need to view their digital information as an asset that is as vulnerable to theft as physical goods.
 
"A 'kitemark' for insurers is a great idea in theory, but it would have to include testing and scanning by approved, independent companies to carry real weight. We are fortunate in the UK to already have approval and certification schemes in place to verify companies providing these services - namely the CREST and CHECK schemes - so there is a strong platform in place to work with insurers.
 
"The UK is in a great position to take proactive steps towards making information assurance as integral to business practice as physical security."