Insurance EuropeInsurance Europe
Press Release
More must be done to address lack of information on cyber attacks

Also vital to raise public awareness of cyber risks

Increasingly devastating cyber attacks mean it is vital for society to protect itself against this emerging threat. Insurers are part of the solution, and many already provide a range of services to their clients, including risk prevention, risk mitigation advice and risk transfer.

However, their efforts are being hindered primarily by one particular challenge: a lack of information on cyber attacks. There is also a pressing need to increase general awareness about cyber risk. These were the central messages from a special event on cyber risk held today by Insurance Europe, the European insurance and reinsurance federation.

Regarding the first challenge, insurers would be able to offer far more tailored protection and advice if they could access anonymised information on cyber attacks. Two incoming pieces of EU legislation, which are currently being implemented, offer a significant opportunity for this to happen.

Michaela Koller, director general at Insurance Europe, commented: “Two recently adopted pieces of EU legislation — the General Data Protection Regulation (GDPR) and the Directive on Security of Network and Information Systems (NIS) — will generate a wealth of new cyber incident-related data. Insurers could significantly enhance their ability to contribute towards the fight against cyber risks, if given access to this information in an anonymised form.”

Regarding the need to raise awareness about cyber risks, insurance associations are already playing a significant role. Some have produced brochures for SMEs that provide tips and information on how they can anticipate and minimise the impact of cyber risks, while others have developed guidelines that enable SMEs to audit their own cyber-resilience. Examples of these programmes are available here.  

Koller: “Action by authorities is also welcome. For example, the recent European Commission Cybersecurity Package is a step in the right direction, as it encourages member states to engage in awareness-raising. We look forward to seeing this translated into concrete action.”

A brochure from the event is available here.  

Published 18 October 2017