A plan to grow the cyber insurance market and improve online security for UK businesses has been unveiled by insurers and the government.
Both parties have committed to work together to develop the cyber insurance offer following a meeting last week where both parties recognised the severity of the risk of cyber attack to UK businesses.
Industry-chaired working groups including representatives from government will be established to deliver this. The working group will focus on key issues and report emerging conclusions back to the Cabinet Office in April 2015.
In a joint statement, UK insurers, the Cabinet Office, UK Trade & Investment, Department for Business, Innovation & Skills, and GCHQ, pledged to make the UK one of the safest places to do business in cyberspace.
According to the 2014 Information Security Breaches Survey, 81% of large businesses and 60% of small business suffered a cyber security breach in the last year, and the average cost of breaches to business has nearly doubled since 2013.
The joint statement said: 'The government believes cyber insurance has a strong role to play in helping firms outside of the critical national infrastructure to manage their cyber risks efficiently.
'The UK insurance sector is a global leader and a natural home for a growing international cyber insurance market.'
It is believed that insurers can drive improvements in cyber security risk management by providing cyber breach and wider operational risk cover, as well as adopting good practice by asking the right questions.
Both insurers and government reminded businesses that cyber insurance does not remove the need for businesses to manage their risk from cyber attack.
They added: 'Not only can cyber insurance help businesses to meet the costs of a security breach event, but it can also provide front end risk analysis to gauge the organisation's exposure to cyber risk, and deliver rapid incident response services that are critical to minimising the impact of a breach.'
But the plan should be seen as part of a 'holistic approach' to cyber risk management including business controls, investment in security and education of staff and customers, both parties stated.
