Europe’s citizens and businesses could benefit from better protection for their computer systems and data if the cyber insurance market can be kick started, says a new report from the European Network and Information Security Agency (ENISA).
The report , ‘Incentives and barriers to the cyber insurance market in Europe’ highlights the fact that while cyber security is an important concern for European and national policy makers, businesses and citizens, the traditional coverage offered by Europe’s insurance providers may, with some exceptions, not comprehensively address digital risk.
Obstacles to the development of an effective cyber insurance market include lack of actuarial data on the extent of the risk and uncertainty about what type of risk should be insured against. To address these issues, ENISA makes four recommendations:
▪ The collection of empirical data on cyber insurance in Europe, looking at types of risk insured, premiums paid and levels of payouts to determine future trends. The action could be taken by insurance underwriters, firms or regulatory authorities.
▪ The examination of incentives for firms to improve their data security as a way for them to reduce their risk and financial liability if they breach data protection regulations. Fact finding with the European Commission would be a first step to understanding this area.
▪ The establishment of agreed frameworks to help firms put a measurable value on their information. The work could be assisted by privacy and information security advisors, underwrites and the European Commission. ENISA could also provide further support.
▪ An exploration of the role of governments as an insurer of last resort, following other models where policy intervention is in evidence when catastrophic risk is involved. This could be investigated by EU Member State governments and the European Commission.