Insurers Want A Comprehensive Cyber Attack Database

The head of the Association of British Insurers has called on the government to create a database where companies would have to record details of cyber-attacks.

Cyber threats are a growing worry for UK business, and demand for insurance to cover the costs is rising. But some insurers are nervous about offering cover because of a lack of information about the attacks that are taking place.

“We have 350 years of fire data and 100 years of motor and aviation data, but we have just a few years of cyber data,” said Huw Evans, ABI director-general, speaking to the Financial Times. “How do you build a business model in such a data light environment? Nothing scares an insurer more than a lack of data.

A database, he argued, would solve the problem. “If it is not mandatory to report these things, then insurers are not going to have the data they need to provide the right cover. It would have to be mandated by parliament, but it would need to be proportionate and manageable.”

The database would include some details of the company that had suffered the incident, the type of attack, the damage caused, and the costs of clearing up.

“We’d like to see a not for profit, anonymised database covering things like business interruption costs, ransom demands, privacy breach claims and damage to IT systems,” said Mr. Evans.

Cyber-attacks are a growing headache for UK business. High profile companies including TalkTalk and JD Wetherspoon have suffered cyber breaches over the past year but small companies have also been hit.

According to a recent government report, two-thirds of large companies have suffered a cyber breach or attack in the past year, and a quarter experience a breach at least once a month. The average cost of a breach is just over £36,000, but in one incident the costs rose to £3m.

While some companies have insurance to cover these costs, the market is not as developed as it is in the US. There, rules force companies to report details of attacks to regulators and, in some cases, to customers. A new EU regulation that comes into force in 2018 will impose similar requirements on companies in Europe.

That is expected to spur a big jump in take up of cyber insurance, which some in the industry see as a promising avenue for growth.

“The UK insurance industry has always been at the heart of new markets, but the lack of data is a huge inhibitor to the UK being at the core of the cyber market,” said Mr. Evans, who adds that cyber is the biggest insurable risk that the industry will have to meet.

Few other databases of cyber-attacks exist. The European Central Bank has been running a pilot project since February to collect data on cyber incidents from 18 of the Eurozone’s largest banks. It is likely to be rolled out to the rest of the 130 banks that the ECB regulates next year.

Last week the UK head of Marsh, the insurance broker, said financial services companies overestimate the amount of cyber insurance they have. Although half of the executives they surveyed thought they had cover for an attack, an examination of their policies found that only 10 per cent were covered.

FT

« Protecting the Next Generation: Make It Personal
Beware: Top Cyber Scams To Avoid This Summer »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

UK Cyber Week Expo & Conference

UK Cyber Week Expo & Conference

Award-winning event organiser ROAR B2B announces the launch of UK Cyber Week and its inaugural event on 4 and 5 April 2023 at the Business Design Centre, London.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cambray Solutions

Cambray Solutions

Cambray Solutions LLC., is a leading technology consulting and software solutions company.

Luxar Tech

Luxar Tech

Luxar's network visibility products enable enterprises and service providers to monitor network traffic, improve security and optimize efficiency.

BGD E-GOV CIRT

BGD E-GOV CIRT

BGD e-GOV CIRT's mission is to support government efforts to develop ICT programs by establishing incident management capabilities within Bangladesh.

RazorSecure

RazorSecure

RazorSecure provides cyber security solutions for Aviation, Rail & Automotive transport systems.

SafeRide Technologies

SafeRide Technologies

SafeRide is a leading provider of anomaly uncovering and cyber threat prevention solution for connected and autonomous vehicles.

PAS Global

PAS Global

PAS provides process safety, cybersecurity, and asset reliability solutions for the energy, process, and power industries worldwide.

Forensic Pathways

Forensic Pathways

Forensic Pathways focus on the provision of digital forensic technologies, offering clients unique technologies in the management of mobile phone data, image analysis and ballistics analysis.

Acceptto

Acceptto

Acceptto offers the first unified and continuous authentication identity access platform with No-Password.

1Kosmos

1Kosmos

1Kosmos provide Digital Identity and Passwordless Authentication for workforce and customers. Powered by advanced biometrics and blockchain technology.

Hackuity

Hackuity

Hackuity is a breakthrough technology solution that rethinks the way of managing IT vulnerabilities in enterprises.

Gunnison Consulting Group

Gunnison Consulting Group

Gunnison Consulting Group serves the Federal Government with high quality IT consulting services.

Transparity Cyber

Transparity Cyber

Transparity Cyber is dedicated to cybersecurity. As part of the Transparity Group we’re an established name in the Microsoft Cloud landscape, with a focus on cybersecurity excellence.

Rootshell Security

Rootshell Security

Rootshell Security is transforming vulnerability management with its vendor-agnostic Prism Platform and industry-leading offensive security assessments.

Persistent Systems

Persistent Systems

Persistent Systems are a trusted Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry experience to help our clients.

CDS

CDS

CDS is a strategic change agency enabling organisations and businesses to create and build better services to meet the evolving needs of customers, employees and citizens.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.