A new report from the European Network and Information Security Agency (ENISA) calls for kick-start in cyber insurance market. According to ENISA, if the cyber insurance market can be kick started, Europe’s citizens and businesses could benefit from better protection for their computer systems and data.

The ‘Incentives and barriers to the cyber insurance market in Europe’ report presented by the European Network and Information Security Agency (ENISA) highlights that while cyber security is an important concern for European and national policy makers, businesses and citizens, the traditional coverage offered by Europe’s insurance providers may, with some exceptions, not comprehensively address digital risk. In April 2011, the European Commission also presented a critical Information Infrastructure Protection report.

Professor Udo Helmbrecht, ENISA’s Executive Director, stressed that there is potential for Europe’s cyber security policies and legislation must be complemented by a prevention-focused cyber insurance market. He also added that as well as providing reassurance that proper cover was available, a developed market in this area would help to improve levels of cyber security by putting a true cost on cyber incidents and showing the benefits of implementing good security practices. The report highlights that obstacles to the development of an effective cyber insurance market include lack of actuarial data on the extent of the risk and uncertainty about what type of risk should be insured against.

In order to address the obstacles, ENISA recommends the collection of empirical data on cyber insurance in Europe, looking at types of risk insured, premiums paid and levels of payouts to determine future trends. In addition, it also recommends the examination of incentives for firms to improve their data security as a way for them to reduce their risk and financial liability if they breach data protection regulations; also the establishment of agreed frameworks to help firms put a measurable value on their information; and an exploration of the role of governments as an insurer of last resort, following other models where policy intervention is in evidence when catastrophic risk is involved.