Insurers’ key role in increasing cyber resilience
Although increased digitalisation has obvious benefits for society, it also brings risks. The potential for serious economic and commercial repercussions, illustrated by events such as the WannaCry ransomware attack, means that increasing the cyber resilience of businesses and society is vital. The COVID-19 pandemic has also demonstrated the importance of digitalisation for societies to be able to operate and the need for this environment to be safe.
The insurance industry has a key role to play, not only in providing insurance cover, but also in helping its clients avoid cyber risks and mitigate their impact when they materialise. Insurers’ advice on prevention and mitigation builds on many years of insuring other large and multifaceted events, such as natural catastrophes.
Data breach notification template
To facilitate the development of the EU cyber-insurance market, insurers should have access to anonymised data collected under the EU’s General Data Protection Regulation (GDPR) and Network Information Security Directive.
Insurance Europe has developed a template for breach notifications under the GDPR. It is easy to use and allows the information to be compared across sectors. The data gathered would be anonymised but sufficiently granular to be of use to insurers.
One obligation under the GDPR is for companies to notify (personal) data breaches to their supervisory authority.
Insurance Europe has developed a template that could make it easier and quicker to report breaches. And the standardised format could enable supervisors to share incident data across borders and to better detect trends in cyber threats.
The template is set up in such a way that the information can be shared without the need to be anonymised or aggregated, as it will not be possible to identify the company through the information submitted.
Currently, the lack of available information on cyber events hampers efforts to defend against cyber attacks. For example, lack of data limits insurers’ ability to offer cyber-risk cover and related services. This could change if insurers were granted access to the (anonymised) data gathered by supervisory authorities.
How it works
The template has three sections:
The multiple choice answers or numerical fields in sections 2 and 3 aid comparison of the information between companies and sectors, and ensure anonymity.