Draft UK Cyber Code: Impact on Cyber Insurers

In an attempt to improve cyber governance in the United Kingdom, the government recently unveiled a draft Cyber Governance Code. Designed specifically to guide directors and business leaders, the draft code seeks to enforce better cyber risk governance across organisations.

The Scope of the Draft Code

The draft code, co-designed with a consortium of cyber and governance experts, outlines five overarching principles for effective cyber governance: risk management, cyber strategy, people, incident planning and response, and assurance and oversight.

Each principle is supplemented with specific action points to facilitate clear understanding and implementation.

The Impact of the Draft Code on Businesses

According to the draft code, companies are expected to focus on regular risk assessment, appropriate monitoring, and the establishment of cross-functional working groups.

The introduction of the draft code signifies a crucial step towards normalising cybersecurity measures within organisations. It also stresses the importance of having proper incident response plans and of taking a proactive approach to cyber threats.

The Impact of the Draft Code on Insurers

The introduction of the draft code has implications for the cyber insurance industry. The guidelines outlined in the code align closely with underwriters’ approach to onboarding and with the continuous engagement over cyber risk that lies at the heart of any good cyber insurance policy.

The draft code could streamline the risk assessment process for insurers. The proposed kitemark for compliant companies could further support the risk transfer process, making it easier for cyber insurers to assess and manage risks.


The UK’s draft Cyber Governance Code could have a significant impact on the cyber insurance industry. The benefits it offers in terms of improved risk management and cyber governance make it a promising development for cyber insurers.

ZRC believes that despite the challenges, the draft code could serve as a crucial tool for closing the cyber insurance protection gap. It could provide a framework for companies to improve their cybersecurity measures, reduce their vulnerability to cyber threats and make them more attractive to insurers.

Reference: https://www.gov.uk/government/calls-for-evidence/cyber-governance-code-of-practice-call-for-views/cyber-governance-code-of-practice-call-for-views
