Cyber insurance security standard: NCC Group leads the charge
Leading independent information assurance firm NCC Group has
launched a forum to lead the march towards a minimum security
standard for the uptake of cyber insurance.
The Cyber Insurance Working Group has been established with
leading technology insurers including Liberty International
Underwriters, Zurich Insurance and CNA Europe, and specialist
technology insurance broker Oval. Other insurers are already
looking to join. The group will meet regularly to drive the
development of a framework of recommended information security
practices and policies, including adequate business continuity
plans and corporate information security policies.
Insurers providing security cover will benefit from being able to
demand a specific,structured demonstration of commitment and
integrity.In turn, businesses implementing the standard will
benefit from a strengthened infrastructure and cyber risk
Janet Williams, the lead on cybercrime for the Association of
Chief Police Officers, last month told the FT that companies should
be denied cover against cyber attacks unless they are able to meet
a minimum 'kitemark' security standard.
The cyber insurance market is currently worth an estimated £250
million per year across the EU, with up to a half of this written
in the UK. With high-profile cyber attacks increasingly hitting the
headlines, and cyber crime costing the UK economy £27 billion a
year, the market is rising fast.
Jacob Ingerslev, European Underwriting Director, Technology and
Cyber Risks at CNA Europe, commented: "This is a great opportunity
for us to participate in a working party approach to formulate a
minimum standard for information assurance in the cyber insurance
market. A standard is badly needed, and looks set to become a legal
requirement in the future - we are looking to get ahead of the
curve and be part of the force shaping the market."
Rob Cotton, CEO at NCC Group, added: "This is the culmination of
an ongoing campaign from NCC Group. Too many businesses see cyber
insurance as a means of mitigating risk in itself, but having
adequate information security measures in place both reduces the
premium costs and lowers the risk of suffering a serious cyber
"For insurers to be strict with companies in terms of physical
security is standard practice. The same significance must be
extended to information security."