Building on the requirements of the new European Network Information Security Directive, the Association of British Insurers (ABI) is now calling for the creation of a central UK database of cyber incidents. They are advocating that by doing so, insurers throughout the United Kingdom can tackle the current lack of data and help to properly price cyber risk.
Information sharing of this magnitude is crucial for putting the UK at the head of a £14 billion ($20 billion) global market, and better enables the cyber insurance market to grow. Accordingly, it would provide more choice for businesses of all sizes.
The ABI believes that this information is needed urgently to better tackle cyber security, as three out of four SME firms are now reporting security breaches.
Creation of the cyber incident database would be anonymous, and allow businesses and insurers to record details of incidents involving businesses around the UK. While other countries like the US track cyber crimes on a state-by-state basis, this would be the first national database of its kind. It would position the UK as a world leader in cyber insurance.
The database would be a not for profit venture, and the types of cyber crimes detailed within would include business interruption losses, ransom demands, loss of confidential data and even damage to IT systems.
By building the database on the recommendations set out in the European Network Information Security Directive, which states that certain firms must provide notification of cyber incidents from 2018 onwards, anonymous data will be more accessible to insurers.
This data will be used to improve pricing and could potentially drive market growth. Because it would be a world first, it would put the UK in prime position as the global cyber insurance leader.
Cyber losses are still being underestimated, despite the fact they’re the biggest threat to the UK’s world leading digital economy. Therefore, more absolutely must be done to tackle the problem. Cyber crime is, at present, the biggest insurable risk the industry is facing, and it’s critical to the economy.
Without enough data, insurers won’t have the information needed to provide the appropriate coverage. This is a huge inhibitor to being at the core of the global market.
This proposal must be mandated by parliament. It must also be proportionate and manageable in order to remain truly effective. Suggesting it follows on from the ABI’s recent guide, Making Sense of Cyber Insurance.
Cyber crimes are hitting even small businesses in the UK, and include phishing and spear phishing emails and malware attacks that can cause significant losses and upset. It is time that businesses gain advice and guidance from the government and the insurance industry on how to become more resilient in the face of this threat.