ABI calls for national cyber database

The ABI is today calling for a national, anonymised database of cyber incidents at businesses to be established, to help the UK become a world leader in cyber insurance. The not-for-profit database would contain details of cyber incidents including business interruption losses, ransom demands, loss of confidential data, and damage to IT systems.

Building on the requirement in the European Network Information Security Directive for certain firms to provide notification of cyber incidents from 2018, this data could be anonymised and made accessible to insurers who could then use it to improve pricing and potentially put the UK at the forefront of the global market. More information on the nature of cyber attacks could help grow the insurance market, so offering more choice for businesses.

While several states in the USA require firms to report any cyber breaches to the authorities, a national database accessible to insurers would be a world first.

Huw Evans, ABI’s director general, said, ‘Cyber losses are the biggest threat to Britain’s world-leading digital economy, and we need to capture more data to get on top of the problem. We have 350 years of fire data and 100 years of motor and aviation data, but we have just a few years of cyber data. But cyber is the biggest insurable risk that the industry will have to meet, and it is critical to the economy.’

‘We’d like to see a not-for-profit, anonymised database covering things like business interruption costs, ransom demands, privacy breach claims and damage to IT systems.’

‘If it is not a requirement to report these losses, then insurers are not going to have the data they need to provide the right cover. It would have to be mandated by parliament, but it would need to be proportionate and manageable.’

‘The UK insurance industry has always been at the heart of new markets, but the lack of data is a huge inhibitor to the UK being at the core of the cyber market. How do you build a business model in such a data light environment? Nothing hinders the growth of an insurance market more than a lack of data. More data can help stimulate the cyber insurance market, giving greater choice to businesses in insuring against cyber losses.’

And with three in four SMEs having suffered a security breach in the last year, the ABI has issued a guide, ‘Making Sense of Cyber Insurance’, explaining the key types of protection to look out for in cyber insurance policies. These include cyber business interruption losses, privacy breach costs, cyber extortion, and cyber specialist support.

Matt Cullen, ABI’s assistant director, head of strategy, said, ‘Small and medium sized businesses are just as likely to be targeted by cyber criminals as larger firms, especially as many firms will have lower levels of data protection in place than larger organisations. A cyber-attack will often be very disruptive and costly, and in some cases, could even threaten a smaller firm’s existence. This is why the insurance industry is playing a crucial role in helping firms of all shapes and sizes improve their resilience to cyber-attacks, and help them recover if cyber criminals strike. This guide should be essential reading for every small and medium sized business.’

Mike Cherry, national chairman at the Federation of Small Business, said, ‘Smaller businesses are struggling with the increasing volume and sophistication of cyber attacks. While 93% have taken steps to protect their business from cyber crime, the growing number of businesses still falling victim is a worrying trend. FSB research has found the types of cyber crime most commonly affecting small businesses are phishing emails (49%), spear phishing emails (37%), and malware attacks (29%). To combat cyber crime, small firms need advice and practical guidance from Government and industry about how to become more resilient. This is a useful guide to a complex subject and it will hopefully help small firms better consider how to protect themselves and their data.’