Cyber insurance security standard: NCC Group leads the charge

Leading independent information assurance firm NCC Group has launched a forum to lead the march towards a minimum security standard for the uptake of cyber insurance.
 
The Cyber Insurance Working Group has been established with leading technology insurers including Liberty International Underwriters, Zurich Insurance and CNA Europe, and specialist technology insurance broker Oval. Other insurers are already looking to join. The group will meet regularly to drive the development of a framework of recommended information security practices and policies, including adequate business continuity plans and corporate information security policies.
 
Insurers providing security cover will benefit from being able to demand a specific,structured demonstration of commitment and integrity.In turn, businesses implementing the standard will benefit from a strengthened infrastructure and cyber risk mitigation.
 
Janet Williams, the lead on cybercrime for the Association of Chief Police Officers, last month told the FT that companies should be denied cover against cyber attacks unless they are able to meet a minimum 'kitemark' security standard.
 
The cyber insurance market is currently worth an estimated £250 million per year across the EU, with up to a half of this written in the UK. With high-profile cyber attacks increasingly hitting the headlines, and cyber crime costing the UK economy £27 billion a year, the market is rising fast.
 
Jacob Ingerslev, European Underwriting Director, Technology and Cyber Risks at CNA Europe, commented: "This is a great opportunity for us to participate in a working party approach to formulate a minimum standard for information assurance in the cyber insurance market. A standard is badly needed, and looks set to become a legal requirement in the future - we are looking to get ahead of the curve and be part of the force shaping the market."
 
Rob Cotton, CEO at NCC Group, added: "This is the culmination of an ongoing campaign from NCC Group. Too many businesses see cyber insurance as a means of mitigating risk in itself, but having adequate information security measures in place both reduces the premium costs and lowers the risk of suffering a serious cyber attack.
 
"For insurers to be strict with companies in terms of physical security is standard practice. The same significance must be extended to information security."