A coalition of insurance industry risk managers are looking to produce a report on the standard methods for reporting cyber incidents to a national data repository. This methodology is intended to increase the accuracy of the data and to boost the effectiveness of assessing and pricing cyber risks for insurers and their industry. According to the CRO, an organization comprised of chief risk officers from multinational firms “inaccurate or inconsistent data would, of course, significantly reduce the value of the repository and the associated categorizations methodology.” They plan to publish proposed methodology for cyber incident report in the last quarter of 2016.
In addition to the CRO, others in the insurance industry are supporting this report. Swiss Re, a large reinsurance firm, has voiced their support in a letter to the Department of Homeland security “the proposed methodology relies on existing cyber incident reporting the occurrences within IT and Risk Management functions, in order to encourage consistent data capture and reporting.” The development and maintenance of the proposed repository would be assumed by the private sector and could be either a for-profit or non-profit venture.