’The need to properly address systemic cyber risk has become more pressing than ever,’ says head of cyber strategy

Specialist cyber insurer CFC has revealed that it is set to launch its own cyber monitoring centre.

The new centre is set to come online on 1 January 2024 and address cyber risk following a rise in attacks.

For example, Howden’s Coming of Age report, which was published earlier this year (10 July 2023), showed that ransomware attacks surged by nearly 50% in the first half of this year compared to the same period in 2022.

James Burns, head of cyber strategy at CFC, said ”the need to properly address systemic cyber risk has become more pressing than ever”.

How it works

The new centre was announced CFC’s Cyber Forum last week (12 October 2023).

Burns explained that it would be able to monitor attacks in three stages – the first being to monitor cyber events as they start developing.

”An event alerting system will be established to aid this, with real time feed of anonymised claims data being used to establish triggers that identify spikes in claims.”

He explained the second job would be to define the attack, with it analysing the tactics, techniques and procedures deployed to establish what is happening during incidents, such as a malware outbreak, a mass extortion event, major data event or cloud failure.

The final task of the cyber monitoring centre will be to categorise the severity of the event.

This will be based on two primary factors, including how widespread the attack is and how significant the overall financial impact is.

Data sets

This came as Lloyd’s of London revealed yesterday (18 October 2023) that a major cyber attack financial services payments systems would result in widespread disruption to global business and potential global economic losses of $3.5tr (£2.8tr).

However, while cyber insurance is a growing market, Lloyd’s warned that it “still represents a small portion of the potential economic losses that businesses and society face”.

Burns said that when developing the new CFC centre, one of the challenges the firm identified early on was how to gauge the size of the affected population when an attack occurs.

“Insurance data sets are obviously naturally skewed to relatively low penetration rates of cyber insurance in the UK,” he said.

However, to help solve this and enhance the development of the project, the firm completed a consultation exercise with Lloyd’s and the National Cyber Security Centre and began reaching out to stakeholders, such as trade bodies, regulators and government departments.

And CFC hopes that as the initiative builds credibility, it will be in a position where the markets’ approach to systemic cyber risk will be “to choose the clarity that is sorely needs”.