Seven Cyber Security Questions Businesses Need To Ask Themselves

Britain's National Cyber Security Centre (NCSC) has said that, after calls for expert technical advice on the growing cyber insurance market, it decided to offer the following questions for senior leaders within organisations. The new guidance highlights seven cyber security questions that businesses should consider before buying insurance.
 
The NCSC has prepared the cyber insurance guidance in consultation with a range of major stakeholders and industry partners.
 
Businesses are today being urged to consider these seven key security questions as cyber experts roll out a support package to help them with online working during the coronavirus pandemic. COVID-19 has seen many businesses shutter their physical premises and move their operations online, as far as possible. Internet shopping and home working have, almost overnight, become the norm.
 
This shift in working practices is very likely to have changed the nature and priorities of the IT services and support which your business requires.
 
The NCSC Urges Businesses To Focus On Answering The Following Seven Questions:
  1.   What existing cyber security defences do you already have in place?
  2.   How do you bring expertise together to assess a policy?
  3.   Do you fully understand the potential impacts of a cyber incident?
  4.   What does the cyber insurance policy cover (or not cover)?
  5.   What cyber security services are included in the policy, and do you need them?
  6.   Does the policy include support during (or after) a cyber security incident?
  7.   What must be in place to claim against (or renew) your cyber insurance policy?

The advice was launched in consultation with major stakeholders and puts the emphasis on companies thinking about insurance and risk management strategies.

“Businesses rightly want to be as informed as possible before they invest, but when it comes to cyber insurance there simply hasn’t been enough information up to now,” said Sarah Lyons, NCSC deputy director for economy and society engagement. “... Cyber insurance may not be right for everyone and it can never replace basic good security practice, but I would urge businesses to consider our guidance to help make the decision that’s right for them. ... Last but not least, this guide helps to clarify that cyber insurance is part of a robust cybersecurity resilient strategy and not the only solution to the evolving risk and exposure,” Lyons said.
 
These questions are intended to help organisations gain a better understanding of the following key areas of corporate security: 
  • Actions needed from the risk management point of view prior to transferring the risk to insurers
  • What to expect during the insurance purchase process
  • Who needs to be involved from the company side; ultimately cyber is an enterprise risk 
  • The role of the insurance broker or agent
  • Overall information needed by insurers to be able to assess the risk

The NCSC guidance has been welcomed by the British Insurance Brokers’ Association on the basis that, since nearly half of UK firms have reported a cyber attack over the last year, insurance brokers will be in a better position to provide support and advice to firms looking for cover.
 
Furthermore, businesses will benefit from reducing the impact of disruption caused by a cyber attack.  Having insurance can help businesses with recovery if they fall victim to a cyber-attack by reducing disruption to operations and providing financial protection. 
 
Insurance cover can't prevent a breach happening, so it is vital for organisations to ensure they have fundamental cyber security defences in place, such as those assessed by the NCSC Cyber Essentials. Having NCSC certification may in some cases even help with getting a discount on cyber insurance, as insurers know you have implemented basic protections.
 
Sources: NCSC, Insurance Business, Government Computing, Infosecurity Magazine
 