London – 20 May 2026 – CFC, the specialist insurance provider and market leader in cyber, has achieved Assured Service Provider status, having been independently assessed and assured by the National Cyber Security Centre (NCSC), part of GCHQ, for its cyber incident tabletop exercise programme. The status reinforces CFC’s commitment to helping brokers and their corporate clients build genuine cyber resilience.
NCSC assurance recognises CFC’s ability to deliver impactful cyber incident exercises that test how organisations respond to a live cyber crisis - from decision‑making under pressure and internal communications to executive escalation and incident coordination. While many insurers rely on third-party providers, CFC delivers tabletop exercises as part of its own cyber risk management capability, included at no additional cost within its corporate cyber policy. This reflects CFC’s broader focus on helping brokers and clients not only transfer cyber risk, but actively reduce it by improving organisational resilience.
“Cyber insurance shouldn’t start at the point of loss,” said Andrew Prendergast, Head of Global Corporate Cyber & Tech at CFC. “Our focus is on helping clients well before an incident occurs. Many cyber claims are driven by human and organisational factors, which is why preparedness is so critical. Embedding NCSC assured‑tabletop exercises as standard within our corporate cyber policies is part of how we support brokers in delivering real value to clients, while helping organisations build confidence, resilience and real decision‑making capability.”
NCSC assured Cyber Incident Exercising (CIE) provider status is awarded to organisations that meet rigorous standards for the design and delivery of cyber incident exercises, ensuring scenarios are realistic, technically credible and aligned to real‑world threat activity.
CFC’s tabletop exercise programme is also delivered in alignment with CREST Incident Exercising standards, recognised globally for testing best practice in incident response plans and executive decision‑making. While many insurers reference NCSC guidance or use accredited incident response partners, very few demonstrate their own insurer‑led, NCSC assured and CREST accredited exercising capabilities – representing a clear benefit for brokers and clients. In the event of a real-world cyber incident, preparedness can significantly shape the outcome, enhancing speed, coordination and overall effectiveness.
“Effective cyber exercising has to reflect real‑world threats and pressure,” said Martin Heyde, Managing Director UK & Global Head of Incident Response at CFC. “Achieving NCSC assurance and CREST accreditation recognises the technical robustness of our exercise design and the way we integrate threat intelligence, response workflows and human decision‑making into each scenario.”
The tabletop exercise sits within CFC’s wider suite of corporate cyber risk management services delivered as standard, which include real‑time threat intelligence, zero‑day vulnerability alerts and 24/7 deep and dark web monitoring via CFC’s global Security Operations Centre.
To learn more about CFC's cyber offering, see our website or contact cyber@cfc.com.