The government is recommending that firms stop viewing cyber security as just an IT issue and start to look at it from a commercial risk perspective, setting out defences and recovery plans should the worst happen.
The suggestion that cyber security is a wider business concern has come out of a joint initiative between the government and the insurance industry to try to give the UK the edge in becoming a place of expertise around insuring against risks.
A report issued by the government found that half of the firms quizzed were unaware that cyber risk insurance is an option, even though 60% of small businesses were hit by a breach last year.
The move to drive awareness of cyber security insurance should also benefit the channel by getting the technology higher up on the corporate radar.
For insurance to work, a customer would not only need an assessment of their commercial risks but would also need established policies and plans to protect data, all of which should spur a pitch from the channel.
"Insurance is not a substitute for good cyber security but is an important addition to a company’s overall risk management. Insurers can help guide and incentivise significant improvements in cyber security practice across industry by asking the right questions of their customers on how they handle cyber threats," said Francis Maude, minister for the Cabinet Office and Paymaster General.
The report has some recommendations for the insurance industry and for the public sector but also includes this nugget for businesses:
"Firms should review their management of cyber risk – effective risk management needs to include a board-level owner for cyber risk, a joined up recovery plan and the use of stress testing to confirm financial resilience against cyber threats".
"It is part of this government’s long-term economic plan to make the UK one of the safest places in the world to do business online. The UK’s insurance market is world renowned and we want it to be the same in relation to cyber risks," he added.
Mark Weil, CEO of insurance specialist Marsh UK & Ireland, said that other areas of the market were well used to regulating their risk, and that there would have to be some investment by customers to improve their position.
"Companies will need to upgrade their risk management substantially to cope with the growing threat of cyber attack, including introducing disciplines such as stress-testing, and creating a joined-up recovery plan that brings together financial, operational, and reputational responses," he said.