The UK government's new Cyber Security and Resilience Bill has received backing from the Association of British Insurers (ABI), which says the legislation is a critical step in protecting businesses and national infrastructure from escalating cyber threats.
Chris Bose, ABI director of general insurance policy, highlighted that cyberattacks cost the UK economy billions annually and that insurers paid nearly £200 million in cyber claims last year. He said cyber insurance is increasingly seen as more than a financial safety net, helping companies strengthen security, access expert guidance, and plan for potential incidents.
Bill targets essential services and supply chains
Introduced to Parliament for its first reading, the Bill proposes reforms to the Network and Information Systems (NIS) Regulations 2018, aiming to safeguard essential and digital services. Healthcare, energy, water, and transport sectors would face stricter requirements to reduce disruption to public services such as hospitals and utilities.
The legislation comes amid a surge in cyber threats, with the UK reportedly facing four major cyberattacks per week, frequently targeting critical infrastructure and large businesses.
Under the new rules, medium and large IT and cyber service providers would be regulated for the first time, required to maintain robust security measures and report major incidents promptly.
Regulators could also designate certain suppliers as critical to essential services, such as NHS diagnostics providers or chemical suppliers to water utilities. Designated companies would need to meet minimum security standards to address vulnerabilities in the supply chain that cybercriminals could exploit.
Cyber insurance market faces pressure and opportunity
The surge in cyber claims — up 230% in the past year, with ransomware a major driver — underscores the growing financial and operational risks for UK businesses. The ABI said the Bill will likely increase demand for cyber insurance and risk management services, as companies seek coverage that not only protects financially but also improves resilience.
Bose said insurers are ready to support the legislation’s aims, helping businesses comply with new regulations while managing cyber risk. The Bill also introduces stricter penalties for serious breaches and grants the Technology Secretary powers to direct preventive actions in high-risk situations.
Richard Horne, CEO of the National Cyber Security Centre, described the legislation as “a crucial step in better protecting our most critical services,” while Science, Innovation, and Technology Secretary Liz Kendall called cyber security “national security,” warning that robust defences are essential to protect the UK economy and public services.