Why the London Market now requires Cyber Essentials
PRA Supervisory Statement 1/21 (Operational resilience: impact tolerances for important business services) put cyber at the top of the supervisory agenda for UK insurers, and the Lloyd's Minimum Standards expect each managing agent to have an equivalent framework in place for its own supply chain. In practice this translates into supplier due-diligence questionnaires that increasingly name Cyber Essentials (or Cyber Essentials Plus) as an explicit baseline alongside ISO 27001 mapping, SOC 2 Type II, or bespoke Lloyd's IT Security Self-Assessments.
The commercial pressure is compounded by the claims environment. London Market reinsurers and retro counterparties price in the cyber risk they can see in the chain, so coverholders and MGAs that cannot evidence baseline hygiene find themselves quoted with punitive retention loadings or excluded from certain categories altogether. Cyber Essentials will not replace a sophisticated information security management system, but it is the lowest-cost piece of paper that gets a London Market supplier through the first pass of a managing agent's DDQ.
What Cyber Essentials actually covers for a syndicate
The scheme assesses five NCSC control categories: firewalls and internet gateways, secure configuration, security update management (patches within fourteen days of release), user access control (with mandatory multi-factor authentication under v3.3), and malware protection. For a Lloyd's managing agent the practical scoping decisions matter more than the controls themselves. The typical scoping questions we work through are whether the bureau workstations run on the managing agent's domain or the coverholder's; whether the underwriter's remote-access VPN terminates in the agent's infrastructure or in a third-party broker platform; and whether the back-book policy administration system counts as in scope even though it is provided by a software vendor on a SaaS contract.
Cyber Essentials Plus adds an external vulnerability scan of internet-facing assets and a sampled technical audit of end-user devices to confirm that the five controls are operating in practice, not only on paper. For bound-business-touching systems the Plus variant is increasingly the only variant that carries procurement weight.
Fig Group's approach with Lloyd's clients
We publish every fee upfront (from £299.99 + VAT for self-assessed Cyber Essentials, from £1,499 + VAT for Cyber Essentials Plus) and apply the same fee irrespective of the client's revenue, so a Lloyd's coverholder writing £100 million a year pays no more than an MGA writing £2 million. Compliant submissions are certified within six hours. If remediation is required we include three feedback rounds at no additional cost, which matters because a syndicate's compliance team does not want to go back to the Risk & Compliance committee asking for a second budget line halfway through.
Our central-London office at 167-169 Great Portland Street is ten minutes from Lime Street and twenty minutes from most of the City's managing agent buildings, which is useful when a Plus scoping call benefits from being in the room with the head of IT and the CRO.