Government has made it clear that it sees the insurance industry as central to its cyber resilience plans, so the insurance industry must respond
As brokers countdown to the annual Biba conference in Manchester (13-14 May 2026), they need to be prepared for a serious conversation around rising cyber risks.
There is no doubt that insurers will want to talk cyber at the conference – especially as they are being backed into a corner by the UK government pushing ahead with its programme to enhance cyber resilience.
If brokers needed any proof, it came last week (21-23 April 2026) in Glasgow at the CyberUK conference. The head of the UK’s cyber agency said the country is facing a “perfect storm” for cyber security against the backdrop of a new “technological revolution”.
Richard Horne, chief executive at the National Cyber Security Centre, explained that the meeting of rapid technological change driven by developments in AI and geopolitical tensions were giving rise to a period of “tumultuous uncertainty”.
He described a future which was “way beyond” the definition of cyber security as it was understood and practised a decade ago. A future that will require organisations to continually reimagine cyber security.
“Cyber security is the responsibility of everyone, whether they sit on the board or the IT help desk, cyber security is part of their mission,” he explained.
“Organisations that do not focus on their technology base as core to their prosperity are no longer just naïve, but are failing to grasp the reality of today’s world.”
He said government and industry will need to work together to combat this evolving threat.
Pledge to change
In the weeks to come, every major organisation will be invited to sign a new Cyber Resilience Pledge by the UK government.
Read: In Focus: Does UKGI need a cyber public-private partnership?
Read: Cyber fine insurance rules leaving businesses financially exposed – Aon
Explore more cyber-related content here, or discover other briefing stories here
The pledge will invite organisations to make a public commitment to their investors, customers and supply chains, to make cyber security a board responsibility, to sign up to the National Cyber Security Centre’s (NCSC’s) Early Warning service and to require that suppliers are cyber essentials certified – the government’s cyber certification scheme.
Suppliers also face passing this certification process – which will include proof of insurance – or losing access to major clients.
The government has made it clear that it sees the insurance industry as central to its resilience plans and major providers are aware of this fact. However, there is a view that many regional brokers are still not confident in talking to clients about cyber risks.
However, those discussions quite simply must happen, especially as businesses will be required to prove their level of cyber resilience in the summer and beyond.
It is likely that insurers will offer their brokers more education, but in the UK the cyber clock is ticking – like with any looming regulatory change, the market will need to react.
No comments yet