Experts from the NCSC examine how cyber insurance can form part of a wider charity cyber security strategy
Cub Llewelyn-Davies, Charity Sector Lead from the National Cyber Security Centre, introduces the concept of cyber security and examines what place it has within the wider framework of charity cyber security
The charity cyber security landscape has seen a number of changes in the last few months. With a sudden and near-total shift to remote working (and now a more measured transition to blended working), many charities have had to re-examine their existing cyber security practices.
This gives organisations the opportunity to build a more complete cyber security infrastructure: to develop, from the ground up, an integrated cyber security strategy tailored to their organisational needs. We are seeing charities add layers of protection to their security and integrate new solutions into existing frameworks.
One aspect of this framework that you may not have thought of is cyber insurance. This is a form of cover designed to protect your business from threats, such as data breaches or malicious cyber attacks.
The NCSC has issued new guidance for charities on how cyber insurance can form part of a wider cyber security framework.
To help protect your charity online, the NCSC has developed a series of resources that you can use as a first port of call. It’s vital that the appropriate defences are put in place to protect your charity. We are increasingly being asked about complementary solutions such as cyber insurance, and about how these solutions can fit within an organisation’s overall approach to cyber risk.
While we can’t tell you what your exact insurance needs are, we have looked at useful cyber security considerations, and come up with some questions that can help you work out what - if anything - is right for your organisation.
This new guidance is not a buyer’s guide to cyber security insurance. What it will do is help you decide if cyber insurance could contribute to how you manage your cyber risk.
Some of these questions may help you think about what cyber security defences you already have in place, and what you want to protect the most. Most importantly, buying cyber insurance doesn’t mean you no longer have to worry about cyber attacks. You can protect your organisation by ensuring you have fundamental cyber security safeguards in place, such as those certified by Cyber Essentials or Cyber Essentials Plus. For organisations with turnovers of less than £20 million, achieving either certification now automatically gives you a £25,000 limit of cyber indemnity insurance cover.
We have also suggested a couple of questions you may wish to discuss with your insurance broker or provider, to help you understand:
To fully understand what kind of cyber insurance policy is right for you, you need to identify the risks your charity faces. Many organisational risks (such as financial risk or legal risk) have a cyber component to them, so it’s really important to look at cyber security as an integral part of your organisational risks. Good risk management will help you to make better, more informed decisions about your overall cyber security, and help you understand if cyber insurance should be part of that.