Insurers Want A Comprehensive Cyber Attack Database

The head of the Association of British Insurers has called on the government to create a database where companies would have to record details of cyber-attacks.

Cyber threats are a growing worry for UK business, and demand for insurance to cover the costs is rising. But some insurers are nervous about offering cover because of a lack of information about the attacks that are taking place.

“We have 350 years of fire data and 100 years of motor and aviation data, but we have just a few years of cyber data,” said Huw Evans, ABI director-general, speaking to the Financial Times. “How do you build a business model in such a data light environment? Nothing scares an insurer more than a lack of data.

A database, he argued, would solve the problem. “If it is not mandatory to report these things, then insurers are not going to have the data they need to provide the right cover. It would have to be mandated by parliament, but it would need to be proportionate and manageable.”

The database would include some details of the company that had suffered the incident, the type of attack, the damage caused, and the costs of clearing up.

“We’d like to see a not for profit, anonymised database covering things like business interruption costs, ransom demands, privacy breach claims and damage to IT systems,” said Mr. Evans.

Cyber-attacks are a growing headache for UK business. High profile companies including TalkTalk and JD Wetherspoon have suffered cyber breaches over the past year but small companies have also been hit.

According to a recent government report, two-thirds of large companies have suffered a cyber breach or attack in the past year, and a quarter experience a breach at least once a month. The average cost of a breach is just over £36,000, but in one incident the costs rose to £3m.

While some companies have insurance to cover these costs, the market is not as developed as it is in the US. There, rules force companies to report details of attacks to regulators and, in some cases, to customers. A new EU regulation that comes into force in 2018 will impose similar requirements on companies in Europe.

That is expected to spur a big jump in take up of cyber insurance, which some in the industry see as a promising avenue for growth.

“The UK insurance industry has always been at the heart of new markets, but the lack of data is a huge inhibitor to the UK being at the core of the cyber market,” said Mr. Evans, who adds that cyber is the biggest insurable risk that the industry will have to meet.

Few other databases of cyber-attacks exist. The European Central Bank has been running a pilot project since February to collect data on cyber incidents from 18 of the Eurozone’s largest banks. It is likely to be rolled out to the rest of the 130 banks that the ECB regulates next year.

Last week the UK head of Marsh, the insurance broker, said financial services companies overestimate the amount of cyber insurance they have. Although half of the executives they surveyed thought they had cover for an attack, an examination of their policies found that only 10 per cent were covered.

FT

« Protecting the Next Generation: Make It Personal
Beware: Top Cyber Scams To Avoid This Summer »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

authen2cate

authen2cate

Authen2cate offers a simple way to provide application access with our Identity and Access Management (IAM) solutions for enterprise, small business, and individual customers alike.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

Cybersecurity Association of Maryland (CAMI)

Cybersecurity Association of Maryland (CAMI)

CAMI’s mission is to create a global cybersecurity marketplace in Maryland and generate thousands of high-pay jobs through the cybersecurity industry.

United Security Providers

United Security Providers

United Security Providers is a leading specialist in information security, protecting IT infrastructures and applications for companies with high demands on security.

Asseco Group

Asseco Group

Asseco Poland stands at the forefront of the multinational Asseco Group. We are a leading provider of state-of-the-art IT solutions in Central and Eastern Europe.

Maven Technologies

Maven Technologies

Maven Technologies specialize in secure data destruction, electronics recycling, asset management, and highly detailed reporting.

Startup Wise Guys

Startup Wise Guys

Startup Wise Guys is a mentorship-driven accelerator program for early stage B2B SaaS, Fintech, Cybersecurity & Defense AI startups.

CNS Group

CNS Group

CNS Group provides industry leading cyber security though managed security services, penetration testing, consulting and compliance.

GoSecure

GoSecure

GoSecure Managed Detection and Response helps all organizations reduce dwell time by preventing breaches before they happen.

Loki Labs

Loki Labs

Loki Labs provides expert cyber security solutions and services, including vulnerability assessments & penetration testing, emergency incident response, and managed security.

SecurityGate

SecurityGate

SecurityGate.io is the only Integrated Risk Management platform built for OT/ICS cybersecurity.

Binary Security AS

Binary Security AS

Binary Security is a Norwegian information security consultancy company. We are specialists at application security, penetration testing and secure code reviews.

Moviri

Moviri

Moviri combines security technology engineering, intelligence expertise and our data science DNA to help companies manage digital risk end-to-end.

Knowledge Lens

Knowledge Lens

Knowledge Lens builds innovative solutions on niche technology areas such as Big Data Analytics, Data Science, Artificial Intelligence, Internet of Things, Augmented Reality, and Blockchain.

Entech

Entech

Entech is a managed IT service provider. We work behind the scenes on your network to ensure data security and integrity.

Closed Door Security

Closed Door Security

Closed Door Security is the only cybersecurity team in the north of Scotland offering everything from IASME Certification to CREST-Accredited penetration testing.