The cyber threat remains one of the most significant – and growing – risks facing UK business. 81% of large businesses and 60% of small businesses suffered a cyber security breach in the last year, and the average cost of breaches to business has nearly doubled since 2013. Working in partnership, the Government and industry have done much to improve understanding of cyber attacks and how to reduce their impact, yet more needs to be done. As part of this Government’s long-term economic plan, we want to make the UK one of the safest places in the world to do business online.
This report, the result of close working between the Government and the insurance sector, highlights the role insurers and insurance can play in reducing cyber risk. By asking the right questions in addressing cyber risks, insurers and insurance brokers can help promote the adoption of good practice, including the Government’s Cyber Essentials scheme, which will reduce the frequency and cost of breaches.
The report includes some important messages for business. One is the need to value the risk of cyber attack properly. It also shows that many businesses are overestimating the extent to which their existing insurance provides cover for cyber risk. The report demonstrates how the insurance sector can help improve industry’s understanding of cyber insurance.
Another clear conclusion is that some businesses still feel they do not fully understand cyber risk. This highlights the need for companies to have clear accountability structures for cyber risk and to put in place robust cyber security risk management arrangements. We have provided a range of advice and guidance to business, which it can draw on, and a set of basic criteria for all organizations through the Cyber Essentials Scheme.
Cyber security is not just a question of threats – it also represents an opportunity for the UK. The UK has world leading cyber security expertise and cyber security services. The UK insurance sector is already a world-leader. With innovative ideas, like including Cyber Essentials certification as part of insurance cyber risk assessments for small to medium-sized enterprises (SMEs)2, the sector is demonstrating that the UK is the natural home for a growing global cyber insurance market.
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program