The Cabinet Office (CO) and an insurance broking and risk management firm have joined forces to help businesses tackle cyber risk.
A report entitled "UK Cyber Security: The Role of Insurance in Managing and Mitigating the Risk", published by Marsh, was created with the following aims: to help firms "get to grips with cyber risks", to establish cyber insurance as part of firms' "cyber tool-kits" and to make London the global centre of cyber risk management.
Under the initiative, the government launched Cyber Essentials, a scheme to guide businesses in protecting themselves against cyber risks. A key agreement mentioned in the report was that participating insurers would include the Cyber Essentials certification as part of their risk assessment for SMEs.
To help the insurance industry to establish cyber insurance as part of firms' tool-kits, the report highlighted the need to increase business awareness. It said Lloyd’s, the Association of British Insurers, and the government had agreed to develop a guide on cyber insurance and to host it on their websites. Marsh also recommended companies stop viewing cyber largely as an IT issue and focus on it as a "key commercial risk affecting all parts of its operations".
The report said outside the US, cyber insurance had not been seen as an export opportunity. To make London a global centre for cyber risk management, Lloyd's and UK Trade & Investment agreed to co-operate to promote the cyber capabilities of the London insurance market to key countries around the world.
Francis Maude, minister for the CO, said: "It is part of this government's long-term economic plan to make the UK one of the safest places in the world to do business online. The UK's insurance market is world renowned and we want it to be the same in relation to cyber risks. The market has extensive knowledge and experience of more established risks to help businesses manage and mitigate relatively new cyber risks.
"Insurance is not a substitute for good cyber security but is an important addition to a company's overall risk management. Insurers can help guide and incentivise significant improvements in cyber security practice across industry by asking the right questions of their customers on how they handle cyber threats."
Mark Weil, CEO of Marsh, said: "While critical infrastructure in regulated sectors, such as banks and utility firms, are used to this kind of risk, most firms are not and their risk management practices are geared around lower-level, slower moving risks. Companies will need to upgrade their risk management substantially to cope with the growing threat of cyber attack, including introducing disciplines such as stress-testing, and creating a joined-up recovery plan that brings together financial, operational, and reputational responses."
The report was published in collaboration with 13 London insurers and a number of UK firms.