Foi Request foi-disclosure

UKGC Cyber Insurance Costs Just £500

By Dr. Sarah Chen · Fact-checked by Mark Sullivan, Corporate Investigations Editor

FOI request reveals regulator's cyber liability insurance is bundled with a basic certification scheme.

A Freedom of Information request has revealed the UK Gambling Commission pays just £500 + VAT for its annual cyber liability insurance. The policy is included as part of the regulator's basic Cyber Essentials certification. This disclosure provides insight into the data security measures of the organisation overseeing the UK's multi-billion-pound gambling industry.

UKGC Cyber Insurance Costs Just £500
Illustration for UKGC Cyber Insurance Costs Just £500

A Freedom of Information (FOI) disclosure has revealed that the UK Gambling Commission (UKGC), the regulator for Great Britain's gambling industry, secures its cyber liability insurance for an annual cost of £500 plus VAT.

The data, released following a request dated 27 January 2023, shows the insurance policy is not a standalone product but is included as part of the organisation's 'Cyber Essentials' certification.

Why This Matters

The UKGC is the central repository for a vast amount of sensitive information. This includes data on gambling licensees, financial details related to licence fees and regulatory fines, and potentially personal information from individuals who have submitted complaints or evidence for investigations. The robustness of its own data security measures is therefore of significant public interest, as it sets a benchmark for the industry it oversees.

This disclosure provides consumers and industry observers with a clear, factual baseline for the regulator's investment in its own cyber defence and liability coverage.

Breakdown of the FOI Response

The request sought specific details about the Gambling Commission's cyber insurance arrangements. The UKGC provided a full disclosure, confirming the following:

  • Insurance Status: The Commission holds cyber liability insurance as part of its Cyber Essentials certification.
  • Provider: The policy and certification are provided through IASME, the delivery partner for the government-backed Cyber Essentials scheme.
  • Cost: The total cost for both the certification and the included insurance is £500 + VAT.
  • Renewal: At the time of the request, the policy was due for renewal in May 2023.

Cyber Essentials is a UK government-backed scheme designed to help organisations of any size protect themselves against a range of common cyber attacks. The included liability insurance is intended to provide a basic level of cover in the event of a data breach.

Significance for the Gambling Industry

While the UKGC's choice of a foundational security certification is a recognised standard, the £500 cost for both certification and insurance provides a new data point for assessing the regulator's operational priorities. For consumers, it offers a tangible figure to understand the level of investment the UKGC makes in protecting the data it holds.

Gambling operators, which process millions of daily transactions and hold extensive personal and financial data on customers, typically invest in far more comprehensive and expensive cybersecurity infrastructure and insurance policies. This disclosure highlights the distinction between the baseline security posture of the regulator and the more extensive requirements placed upon the commercial entities it licenses.

D

Written by

Research & Data Lead

PhD in Public Policy, London School of Economics. Member of the Royal Statistical Society. Published in the Journal of Gambling Studies and Addiction Research & Theory.

Dr. Chen holds a PhD in Public Policy from the LSE and has 8 years of experience in quantitative research, including 3 years as a Research Fellow at the Responsible Gambling Trust analysing operator self-exclusion data.

UKGC Freedom of Information Cyber Security Data Protection Regulation

More Insights