While in the US there are around 30-40 companies that offer cyber insurance, in Europe there are only a handful, according to a report released by the European Network and Information Security Agency (ENISA).
ENISA argues that such a market could have a positive impact on both consumers and businesses when it comes to the protection of data and computer systems.
The organization believes that there are a number of obstacles which prevent the “kick start” of such a market and most of them refer to uncertainties.
For instance, there isn’t enough data regarding the actual losses caused by a data breach. There are estimates, but there are discrepancies from one source to the other.
Furthermore, an insurance firm would also have difficulties in naming what risk is actually covered because cyber-security covers a wide area, including cybercrime and cyberterorrism.
Technological advancements can also represent an issue, mainly because the fluctuations in risk caused by technology make it difficult to predict the impact of future losses based on cybersecurity events from the past.
There is also a false perception that the insurance products currently offered are sufficient.
The security agency makes a number of recommendations that could help address these issues.
Among these recommendations we find the collection of relevant empirical data in Europe, the examination of incentives that could determine an organization to improve its data security to reduce risk, and the establishment of frameworks that would help firms attribute a value to their information.
“This new ENISA report indicates that there is potential for Europe’s cyber security policies and legislation must be complemented by a prevention-focused cyber insurance market,” said ENISA’s Executive Director, Professor Udo Helmbrecht.
“As well as providing reassurance that proper cover was available, a developed market in this area would help to improve levels of cyber security by putting a true cost on cyber incidents and showing the benefits of implementing good security practices.”
The complete report, “Incentives and barriers of the cyber insurance market in Europe,” is available here