Cyber Risk Insurance Forum campaign launched

Link to Cyber Risk Insurance Forum  The Cyber Risk Insurance Forum (CRIF), the group established to develop a security framework for companies taking out cyber insurance, has held its inaugural meeting, expanding its membership and developing two lines of focus for its on-going campaign.
Global information assurance firm NCC Group, with Liberty International Underwriters (LIU), Zurich Insurance, CNA Europe and Oval, established the group earlier this year under the Cyber Insurance Working Group title.
The founding members have now increased to include Thales, Continuity Forum, ACE Insurance and Hill & Knowlton, bringing together a broader spectrum of thought leaders.
CRIF Chairman, Daljitt Barn said: “Cyber insurance doesn’t mitigate the risk of suffering a cyber attack in itself, but if combined with cyber risk best practice, it will. Driving development of those guidelines depends on making organisations aware of the risks that they face.”
The Cyber Risk Insurance Forum seeks to develop a framework of recommended information security practices and policies to support the uptake of cyber insurance, protecting insurers and businesses alike.
The name change was implemented following the group’s first meeting, as part of a concerted focus on risk mitigation. 
Matthew Hogg of LIU, a founding Member of CRIF explains: “We realise from our discussions with industry that a two-pronged attack is necessary to drive our campaign forward." 
He adds "The Cabinet Office reckons that cyber crime costs the UK economy £27 billion a year, so it’s clearly a major threat, but too many businesses still don’t appreciate fully how this affects them, or what steps they can take to help make themselves safer. They need guidelines commensurate with the size of the organisations and their risk exposure in their given vertical, along with awareness-raising of cyber risk and insurance.”
As a result over the coming year CRIF will focus on two policy activities: developing awareness of cyber insurance, and providing practical guidance on mitigating cyber risk.
This value of guidelines would no doubt be shared by Janet Williams, the lead on cyber crime for the Association of Chief Police Officers, who has proposed the introduction of a ‘kitemark’ security standard, which companies seeking cover against cyber attacks may be encouraged to meet. More recently, the European Network and Information Security Agency (ENISA) has called on the cyber insurance market to help improve the standards of information security adopted by their insureds.
CRIF is also highlighting that whilst most of the headlines are restricted to the public interest / high profile losses suffered by household-name companies, it is the actually the smaller businesses that are often the most vulnerable. Without the access to the vast security budgets or the dedicated personnel available to global enterprises, they may be an easier target for the emerging sophisticated cyber criminals.  According to security company Symantec, the makers of the Norton Anti-Virus software, 36% of all attacks globally are aimed at SMEs. 
By following simple guidelines and adopting best practice recommended by Cyber insurers, a business becomes aware of the emerging risks facing them.  They are in a better position to put in place preventative measures and seek a lower premium for insurance against the persistent threat or unexpected event.
Continuity Forum Comment 
Cyber Risk has become an ever present threat to organisations, business and people. Hacking, identity theft, malicious cyber attacks are mainstream and commonplace today. The news is full of reports of organisations and people being affected and seriously disrupted. No one sector can really manage the whole topic of Cyber Risk, but everyone can make sure they are doing their part to minimise the threat and reduce the potential impact and losses.  
Consequently, CRIF has been formed to provide direct guidance and advice on the insurance dimensions and what organisations should be doing to ensure the right, policies, services and capabilities are available to support the organisations needs.
If you would like to know more about the Cyber Risk Insurance Forum please do get in touch HERE!
About CRIFLink to CRIF - Cyber Risk Insurance Forum
The Cyber Risk Insurance Forum are a group of commercial and non-commercial organisations all working together to enable purchasers of insurance to achieve effective management of residual risk.  We will advocate that organisations demonstrate risk and security practices which will help facilitate their purchase of effective cyber liability insurance. 
As part of this, the Cyber Risk & Insurance Forum (CRIF) is dedicated to raising the awareness of information assurance within the Cyber Insurance market and Risk Management community through the development of best practices.