European Network and Information Security Agency (ENISA) has advocated to impose mandatory cyber insurance for firms and urged insurance firms to develop related schemes, which will assist them to save reputational damage.
The agency in its recently published report said that mandatory insurance will enable firms to counter unintended effects of harsh data breach notifications, by providing them required coverage.
The European Network and Information Security Agency (ENISA) has warned in a new report “Incentives and barriers of the cyber insurance market in Europe” that mere overhaul of data breach will not improve security.
According to the report, a more fully developed cyber insurance market in Europe will provide a market-based mechanism to allow companies to consider security measures more seriously rather than reputational damage and to invest in in “secondary” losses.
ENISA was quoted by CSO as saying that the short term limits proposed may further incentivise the affected firm to consider secondary rather than primary losses.
“One might further observe that a flourishing market will develop not aimed at remediation of the vulnerability that causes the loss but rather ‘reputational management’ for firms to reduce (if they can choose to disclose) secondary losses,” ENISA added.
ENISA has proposed that the firms must obtain mandatory cyber insurance for vendors that bid for government contracts, robust valuation of the costs of IT breaches, and the ability for European citizens to launch class action suits against companies that suffer a breach.
The proposal points out that the potential benefits of cyber specific insurance include tying investments in security to reduce premiums and also to drive IT security standards such as the ISO 2700x series into underwriting practices.