Insurers Want A Comprehensive Cyber Attack Database

The head of the Association of British Insurers has called on the government to create a database where companies would have to record details of cyber-attacks.

Cyber threats are a growing worry for UK business, and demand for insurance to cover the costs is rising. But some insurers are nervous about offering cover because of a lack of information about the attacks that are taking place.

“We have 350 years of fire data and 100 years of motor and aviation data, but we have just a few years of cyber data,” said Huw Evans, ABI director-general, speaking to the Financial Times. “How do you build a business model in such a data light environment? Nothing scares an insurer more than a lack of data.

A database, he argued, would solve the problem. “If it is not mandatory to report these things, then insurers are not going to have the data they need to provide the right cover. It would have to be mandated by parliament, but it would need to be proportionate and manageable.”

The database would include some details of the company that had suffered the incident, the type of attack, the damage caused, and the costs of clearing up.

“We’d like to see a not for profit, anonymised database covering things like business interruption costs, ransom demands, privacy breach claims and damage to IT systems,” said Mr. Evans.

Cyber-attacks are a growing headache for UK business. High profile companies including TalkTalk and JD Wetherspoon have suffered cyber breaches over the past year but small companies have also been hit.

According to a recent government report, two-thirds of large companies have suffered a cyber breach or attack in the past year, and a quarter experience a breach at least once a month. The average cost of a breach is just over £36,000, but in one incident the costs rose to £3m.

While some companies have insurance to cover these costs, the market is not as developed as it is in the US. There, rules force companies to report details of attacks to regulators and, in some cases, to customers. A new EU regulation that comes into force in 2018 will impose similar requirements on companies in Europe.

That is expected to spur a big jump in take up of cyber insurance, which some in the industry see as a promising avenue for growth.

“The UK insurance industry has always been at the heart of new markets, but the lack of data is a huge inhibitor to the UK being at the core of the cyber market,” said Mr. Evans, who adds that cyber is the biggest insurable risk that the industry will have to meet.

Few other databases of cyber-attacks exist. The European Central Bank has been running a pilot project since February to collect data on cyber incidents from 18 of the Eurozone’s largest banks. It is likely to be rolled out to the rest of the 130 banks that the ECB regulates next year.

Last week the UK head of Marsh, the insurance broker, said financial services companies overestimate the amount of cyber insurance they have. Although half of the executives they surveyed thought they had cover for an attack, an examination of their policies found that only 10 per cent were covered.

FT

« Protecting the Next Generation: Make It Personal
Beware: Top Cyber Scams To Avoid This Summer »

Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Link11 GmbH

Link11 GmbH

Link11 provides DDoS protection solutions to protect websites and complete server infrastructures from DDoS attacks.

Panda Security

Panda Security

Panda Security provides advanced anti-virus and threat protection solutions for home users and business networks.

Packet Storm

Packet Storm

Packet Storm is an online resource for security tools, whitepapers, exploits, and advisories on computer security issues.

Simula Research Laboratory

Simula Research Laboratory

Simula Research Laboratory carries out research in the fields of communication systems, scientific computing and software engineering.

NEC

NEC

NEC offers a complete array of solutions to governments and enterprises to protect themselves from the threats of digital disruption.

Skurio

Skurio

Skurio create cost-effective, intuitive and powerful Cloud based solutions to identify threats, detect data breaches outside the network and automate the response.

IoT Defense

IoT Defense

IoT Defense (IOTD) is a cybersecurity and networking company building solutions that enable the protection of networks and the ever-increasing prevalence of IoT devices.

NoLeak

NoLeak

The NoLeak DeepAuth platform uses scientific-proven techniques to learn the unique behaviors of online users and continuously authenticate them.