|
However, their efforts are being hindered primarily by one particular challenge: a lack of information on cyber attacks. There is also a pressing need to increase general awareness about cyber risk. These were the central messages from a special event on cyber risk held today by Insurance Europe, the European insurance and reinsurance federation.
Regarding the first challenge, insurers would be able to offer far more tailored protection and advice if they could access anonymised information on cyber attacks. Two incoming pieces of EU legislation, which are currently being implemented, offer a significant opportunity for this to happen.
Michaela Koller, director general at Insurance Europe, commented: “Two recently adopted pieces of EU legislation — the General Data Protection Regulation (GDPR) and the Directive on Security of Network and Information Systems (NIS) — will generate a wealth of new cyber incident-related data. Insurers could significantly enhance their ability to contribute towards the fight against cyber risks, if given access to this information in an anonymised form.”
Regarding the need to raise awareness about cyber risks, insurance associations are already playing a significant role. Some have produced brochures for SMEs that provide tips and information on how they can anticipate and minimise the impact of cyber risks, while others have developed guidelines that enable SMEs to audit their own cyber-resilience. Examples of these programmes are available here.