Insurers Want A Comprehensive Cyber Attack Database

Uploaded on 2016-06-24 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Financial

The head of the Association of British Insurers has called on the government to create a database where companies would have to record details of cyber-attacks.

Cyber threats are a growing worry for UK business, and demand for insurance to cover the costs is rising. But some insurers are nervous about offering cover because of a lack of information about the attacks that are taking place.

“We have 350 years of fire data and 100 years of motor and aviation data, but we have just a few years of cyber data,” said Huw Evans, ABI director-general, speaking to the Financial Times. “How do you build a business model in such a data light environment? Nothing scares an insurer more than a lack of data.

A database, he argued, would solve the problem. “If it is not mandatory to report these things, then insurers are not going to have the data they need to provide the right cover. It would have to be mandated by parliament, but it would need to be proportionate and manageable.”

The database would include some details of the company that had suffered the incident, the type of attack, the damage caused, and the costs of clearing up.

“We’d like to see a not for profit, anonymised database covering things like business interruption costs, ransom demands, privacy breach claims and damage to IT systems,” said Mr. Evans.

Cyber-attacks are a growing headache for UK business. High profile companies including TalkTalk and JD Wetherspoon have suffered cyber breaches over the past year but small companies have also been hit.

According to a recent government report, two-thirds of large companies have suffered a cyber breach or attack in the past year, and a quarter experience a breach at least once a month. The average cost of a breach is just over £36,000, but in one incident the costs rose to £3m.

While some companies have insurance to cover these costs, the market is not as developed as it is in the US. There, rules force companies to report details of attacks to regulators and, in some cases, to customers. A new EU regulation that comes into force in 2018 will impose similar requirements on companies in Europe.

That is expected to spur a big jump in take up of cyber insurance, which some in the industry see as a promising avenue for growth.

“The UK insurance industry has always been at the heart of new markets, but the lack of data is a huge inhibitor to the UK being at the core of the cyber market,” said Mr. Evans, who adds that cyber is the biggest insurable risk that the industry will have to meet.

Few other databases of cyber-attacks exist. The European Central Bank has been running a pilot project since February to collect data on cyber incidents from 18 of the Eurozone’s largest banks. It is likely to be rolled out to the rest of the 130 banks that the ECB regulates next year.

Last week the UK head of Marsh, the insurance broker, said financial services companies overestimate the amount of cyber insurance they have. Although half of the executives they surveyed thought they had cover for an attack, an examination of their policies found that only 10 per cent were covered.

FT

« Protecting the Next Generation: Make It Personal
Beware: Top Cyber Scams To Avoid This Summer »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

SecureAuth

SecureAuth

SecureAuth delivers cutting edge identity and information security solutions for cloud, mobile, web, and VPN systems.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

OneLogin

OneLogin

OneLogin simplifies identity management with secure, one-click access,for employees, customers and partners, through all device types, to all enterprise cloud and on-premise applications.

Hewlett Packard Enterprise (HPE)

Hewlett Packard Enterprise (HPE)

HPE is an information technology company focused on Enterprise networking, Services and Support.

Karamba Security

Karamba Security

Karamba provide an IoT Security solution for ECUs in automobiles which ensures that all cars are protected (not just autonomous cars).

Idemia

Idemia

Idemia is a global leader in security and identity solutions.

CERT-PY

CERT-PY

CERT-PY is the national Computer Emergency Response Team for Paraguay.

CyberOne

CyberOne

CyberOne (formerly Comtact) offer a full stack cybersecurity service to ensure our customers understand the cyber maturity of their organisation.

Ekran System

Ekran System

Ekran System is an advanced insider threat detection solution for companies of any size.

InnoValor

InnoValor

InnoValor realises value from digital innovation for organisations and government. We provide advisory services and develop innovative software solutions, based on our background in research.

CyberQ Group

CyberQ Group

CyberQ is an award winning cyber security consultancy and services provider and an innovator in Artificial Intelligence and Automated Cyber Security.

Onclave Networks

Onclave Networks

Onclave Networks is a global cybersecurity leader, transforming the future of securing all IT/OT devices and systems.

Cybrella

Cybrella

Cybrella offers professional cybersecurity services for small to medium sized businesses and to larger enterprises looking to expand their cybersecurity capabilities.

Tromzo

Tromzo

Tromzo's mission is to eliminate the friction between developers and security so you can scale your application security program.

Shorebreak Security

Shorebreak Security

Shorebreak Securioty specialize in conducting highly accurate, safe, and reliable Information Security tests to determine the risks posed to your business.

GitLab

GitLab

GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software.