The need for a cyber incident database

04 July 2017

As organisations and businesses recover from last month’s ‘WannaCry’ cyber-attack, the Association of British Insurers (ABI) is calling for a national database to record details of cyber incidents.

Increased transparency of data on cyber losses will be vital to both the development of the cyber insurance market and to better cyber security by companies.

In the case of insurance, the sharing of robust impartial data on cyber incidents could accelerate the growth and development of the cyber insurance market, potentially enabling insurers to offer more capacity and broader cover.

The lack of data on cyber losses is a “huge inhibitor” to the development of the cyber insurance market, according to the ABI. Insurers have access to over 350 years of fire data and 100 years of motor and aviation data, but have just a few years of cyber data, it says.

A central database would enable insurers to more accurately price cyber risk. More data should allow insurers to be more consistent in their pricing, reducing volatility in the market following large cyber-attacks.

ABI’s Plan

The ABI proposes to establish a not-for-profit database to record the details of cyber incidents including business interruption losses, ransom demands, loss of confidential data and damage to IT systems.

The database would build on the European Network Information Security Directive and the General Data Protection Regulations (GDPR), which require companies to report certain cyber incidents to regulators. The ABI believes that this data could be anonymised and made accessible to insurers.

The Association and other insurance industry representatives are reportedly in talks with the Information Commissioner’s Office (ICO) about establishing a cyber incident information sharing platform. It believes that such a national database would be a world first, although several states in the US already require firms to report any cyber breaches to the authorities.

Download Cyber Decoder – June 2017

For further information, please contact Sarah Stephens, Head of Cyber, Content and New Technology Risks on



Find out more

Read our Cyber Risks & Insurance Insights

Read more

Receive our monthly cyber risk newsletter