Europe’s citizens and businesses could benefit from better protection for their computer systems and data if the cyber insurance market can be kick-started, according to a recently released report from the European Network and Information Security Agency (ENISA).
The report –Incentives and barriers to the cyber insurance market in Europe – highlights the fact that “while cyber security is an important concern for European and national policy makers, businesses and citizens, the traditional coverage offered by Europe’s insurance providers may, with some exceptions, not comprehensively address digital risk.”
ENISA said: “Obstacles to the development of an effective cyber insurance market include lack of actuarial data on the extent of the risk and uncertainty about what type of risk should be insured against.”
In addressing these issues the report made four specific recommendations, as follows:
— Collect empirical data on cyber insurance in Europe, looking at types of risk insured, premiums paid and levels of payouts to determine future trends. The action could be taken by insurance underwriters, firms or regulatory authorities.
— Examine incentives for firms to improve their data security as a way for them to reduce their risk and financial liability if they breach data protection regulations. Fact finding with the European Commission would be a first step to understanding this area.
— Establish agreed frameworks to help firms put a measurable value on their information. The work could be assisted by privacy and information security advisors, underwriters and the European Commission. ENISA could also provide further support.
— Explore the role of governments as an insurer of last resort, following other models where policy intervention is in evidence when catastrophic risk is involved. This could be investigated by EU Member State governments and the European Commission.
ENISA’s Executive Director, Professor Udo Helmbrecht, commented: “This new ENISA report indicates that there is potential for Europe’s cyber security policies and legislation must be complemented by a prevention-focused cyber insurance market.
“As well as providing reassurance that proper cover was available, a developed market in this area would help to improve levels of cyber security by putting a true cost on cyber incidents and showing the benefits of implementing good security practices.”