Insurers Want A Comprehensive Cyber Attack Database

The head of the Association of British Insurers has called on the government to create a database where companies would have to record details of cyber-attacks.

Cyber threats are a growing worry for UK business, and demand for insurance to cover the costs is rising. But some insurers are nervous about offering cover because of a lack of information about the attacks that are taking place.

“We have 350 years of fire data and 100 years of motor and aviation data, but we have just a few years of cyber data,” said Huw Evans, ABI director-general, speaking to the Financial Times. “How do you build a business model in such a data-light environment? Nothing scares an insurer more than a lack of data.”

A database, he argued, would solve the problem. “If it is not mandatory to report these things, then insurers are not going to have the data they need to provide the right cover. It would have to be mandated by parliament, but it would need to be proportionate and manageable.”

The database would include some details of the company that had suffered the incident, the type of attack, the damage caused, and the costs of clearing up.

“We’d like to see a not for profit, anonymised database covering things like business interruption costs, ransom demands, privacy breach claims and damage to IT systems,” said Mr. Evans.

Cyber-attacks are a growing headache for UK business. High-profile companies including TalkTalk and JD Wetherspoon have suffered cyber breaches over the past year, but small companies have also been hit.

According to a recent government report, two-thirds of large companies have suffered a cyber breach or attack in the past year, and a quarter experience a breach at least once a month. The average cost of a breach is just over £36,000, but in one incident the costs rose to £3m.

While some companies have insurance to cover these costs, the market is not as developed as it is in the US. There, rules force companies to report details of attacks to regulators and, in some cases, to customers. A new EU regulation that comes into force in 2018 will impose similar requirements on companies in Europe.

That is expected to spur a big jump in take-up of cyber insurance, which some in the industry see as a promising avenue for growth.

“The UK insurance industry has always been at the heart of new markets, but the lack of data is a huge inhibitor to the UK being at the core of the cyber market,” said Mr. Evans, who adds that cyber is the biggest insurable risk that the industry will have to meet.

Few other databases of cyber-attacks exist. The European Central Bank has been running a pilot project since February to collect data on cyber incidents from 18 of the Eurozone’s largest banks. It is likely to be rolled out to the rest of the 130 banks that the ECB regulates next year.

Last week the UK head of Marsh, the insurance broker, said financial services companies overestimate the amount of cyber insurance they have. Although half of the executives they surveyed thought they had cover for an attack, an examination of their policies found that only 10 per cent were covered.

FT
