Seven Cyber Security Questions Businesses Need To Ask Themselves

Uploaded on 2020-08-18 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms, BUSINESS-Services-Financial, TECHNOLOGY--Resilience

Britain's National Cyber Security Centre (NCSC) has said, after calls for expert technical advice on the growing cyber insurance market, it made the decision to offer the following questions for senior leaders within organisations.  The new guidance highlights seven cyber security questions that businesses should consider before buying insurance.
 
The NCSC has prepared the cyber insurance guidance in consultation with a range of major stakeholders and industry partners.
 
Businesses are today being urged to consider these seven key security questions as cyber experts roll out a support package to help them with online working during the coronavirus pandemic. COVID-19 has seen many businesses shutter their physical premises and move their operations online, as far as possible. Internet shopping and home working have, almost overnight, become the norm
 
This shift in working practices is very likely to have changed the nature and priorities of the IT services and support which your business requires.
 
The NCSC Urges Businesses To Focus On Answering The Following Seven Questions:
  1.   What existing cyber security defences do you already have in place?
  2.   How do you bring expertise together to assess a policy?
  3.   Do you fully understand the potential impacts of a cyber incident?
  4.   What does the cyber insurance policy cover (or not cover)?
  5.   What cyber security services are included in the policy, and do you need them?
  6.   Does the policy include support during (or after) a cyber security incident?
  7.   What must be in place to claim against (or renew) your cyber insurance policy?
The advice was launched in consultation with major stakeholders and puts the emphasis on companies to think about insurance and risk management strategies. “Businesses rightly want to be as informed as possible before they invest, but when it comes to cyber insurance there simply hasn’t been enough information up to now,” said Sarah Lyons, NCSC deputy director for economy and society engagement....Cyber insurance may not be right for everyone and it can never replace basic good security practice, but I would urge businesses to consider our guidance to help make the decision that’s right for them....Last but not least, this guide helps to clarify that cyber insurance is part of a robust cybersecurity resilient strategy and not the only solution to the evolving risk and exposure,” Lyons said.
 
These questions are intended to help organisations gain a better understanding of the following key areas of corporate security: 
  • Actions needed from the risk management point of view prior to transferring the risk to insurers
  • What to expect during the insurance purchase process
  • Who needs to be involved from the company side; ultimately cyber is an enterprise risk 
  • The Role of the insurance broker or agent
  • Overall information needed by insurers to be able to assess the risk
The NSCS guidance has been welcomed by the British Insurance Brokers’ Association on the basis that, since nearly half of UK firms have reported a cyber attack over the last year, insurance brokers will be in a better position to provide support and advice to firms looking for cover.
 
Furthermore, businesses will benefit from reducing the impact of disruption caused by a cyber attack.  Having insurance can help businesses with recovery if they fall victim to a cyber-attack by reducing disruption to operations and providing financial protection. 
 
While insurance cover can't prevent a breach happening so it is vital for organisations to ensure they have fundamental cyber security defences in place, such as those assessed by the NCSC Cyber Essentials.  Having NCSC certification may in some cases even help with getting a discount on cyber insurance, as insurers know you have implemented basic protections.
 
NCSC:     NCSC:       Insurance Business:       Government Computing:       Infosecuity Magazine
 
For advice about carrying out an effective Cyber Security Audit please contact Cyber Security Intelligence.
 
You Might Also Read:
 
What Is A Cyber Security Audit?:
 
 
 
 
 
« Chinese Hackers Aim To Plunder Taiwan's Semiconductor Industry
Cyber Security Technology Sponsors Formula 1 »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Hitachi ID Systems

Hitachi ID Systems

Hitachi ID Systems offers comprehensive identity management and access governance, privileged access management and password management solutions.

National Cyber Security Centre (NCSC) - United Kingdom

National Cyber Security Centre (NCSC) - United Kingdom

The NCSC acts as a bridge between industry and government, providing a unified source of advice, guidance and support on cyber security, including the management of cyber security incidents.

6cure

6cure

The 6cure Threat Protection solution eliminates malicious traffic to critical services in real time and protects against DDoS attacks.

ProPay

ProPay

ProPay provides secure payment solutions for organizations ranging from small businesses to large enterprises requiring complex payment solutions.

Medigate

Medigate

Medigate is a dedicated medical device security platform protecting all of the connected medical devices on health care provider networks.

CSIRT Italia

CSIRT Italia

CSIRT Italia is the national Computer Security Incident Response Team for Italy.

Cybersecurity Professionals

Cybersecurity Professionals

Search vacancies from top cyber security jobs worldwide on CyberSecurity Professionals. View IT security jobs or upload your CV to be seen by recruiters from industry leading firms.

Sygnia

Sygnia

Sygnia is a cyber technology and services company, providing high-end consulting and incident response support for organizations worldwide.

Littlefish

Littlefish

Littlefish provide world-class, award-winning Managed IT and Cyber Security Services, delivered from our 24/7 UK service centres.

NSR

NSR

NSR provide trusted solutions that deliver positive business outcomes for our clients in cybersecurity and data protection challenges.

TekSynap

TekSynap

TekSynap is a full spectrum Information Technology services provider to federal government agencies.

Flat6Labs

Flat6Labs

Flat6Labs is the MENA region’s leading seed and early stage venture capital firm, currently running the most renowned startup programs in the region.

Armolon

Armolon

Armolon provides comprehensive data breach and cybersecurity, as well cybersecurity audits and certifications, and disaster recovery/business continuity services to clients.

2021.AI

2021.AI

2021.AI serves the growing business need for full oversight and management of applied AI.

Cyberr

Cyberr

We’re transforming cybersecurity recruitment with Cyberr Intelligence – the AI-driven platform that connects top cybersecurity talent, both freelance and permanent, with leading employers worldwide.

Qubika

Qubika

Qubika are shaping the future of next-generation applications by seamlessly integrating high-quality UX, robust security, and AI-driven intelligence.