A Birmingham IT consultancy has teamed up with a London insurance broker to help UK businesses combat the risks of cyber attacks.
Hubtel IT, based near Coleshill, and Konsileo Commercial Insurance have launched CyberHub - a combined cyber security and cyber insurance package enabling businesses in all sectors to comply with new Government cyber security resilience requirements coming into force next year.
The Cyber Security & Resilience (CS&R) Bil, currently winding its way through the legislative process, is expected to become law in 2027, when UK companies will have to comply with additional cyber security and risk-mitigation requirements.
Hubtel IT and Konsileo’s joint cyber security and cyber insurance packages emerge after many months of uncertainty about what exactly is covered by insurers in the event of a cyber attack, which can be hugely disruptive and costly, as recent high profile victims Jaguar Land Rover, Harrods, M&S and Co-op can attest.
The CS&R Bill is set to receive Royal Assent later this year before hitting to statute book as an Act next year.
Neil Bayliss, CEO of Hubtel IT, said: “We’ve worked together with Konsileo on a suite of measures tailored to protect organisations in all sectors over and above the standards set out in the proposed Bill.
“As well as alignment with the new Cyber Security & Resilience Bill, soon to become an Act when it becomes law, our CyberHub package gives firms peace of mind that they are compliant, continuously protected, mitigating the risk from attacks and resilient should cyber criminals breach their defences.”
Chris Cotterill, client director for Konsileo Commercial Insurance, said: “Recent high profile cyber attacks highlight the real financial impact of cyber crime. Working with Hubtel IT, Konsileo helps organisations build resilience through underwritten policies that support disaster recovery when incidents occur.
“With every industry introducing some form of AI, having a joined-up approach to risk mitigation and risk transfer is crucial.”
The CS&R Bill, introduced to Parliament in November 2025, expands the scope of the UK's 2018 NIS (Network and Information Systems) Regulations, bringing more entities into regulation, including managed service providers, data centres and critical infrastructure.
Organisations classed as critical infrastructure must notify authorities within 24 hours of a reportable cyber incident, and regulators will have greater powers to fine non-compliant entities.
