The fight to combat the $1 trillion global cybercrime industry is shackled because of inadequate datasets that could, if rectified, enable enterprises and insurance companies to counter cybercriminals, according to researchers at Lero, the Science Foundation Ireland Research Centre for Software.

The Lero team, based in the Emerging Risk Group at the University of Limerick’s Kemmy Business School, says in its latest paper, published in the academic journal The Geneva Papers on Risk and Insurance, that the time has come to introduce mandatory reporting of cybercrime in all jurisdictions.

Lead author Frank Cremer says there is a growing necessity for better cyber information sources, standardised databases, mandatory reporting and public awareness.

“Mandatory reporting of cyber incidents could help improve cyber understanding, awareness and loss prevention among companies and insurers. Through greater availability of data, cyber risks can be better understood, enabling researchers to conduct more in-depth research into these risks,” said Mr Cremer, who also conducted the research in collaboration with the Institute of Insurance Science, TH Köln in Germany.

Lero researcher Dr Barry Sheehan said most enterprises do not fully appreciate their vulnerability to cybercrime and threats.

“Companies could incorporate this greater understanding of their exposure to cyber risk into their corporate culture to bolster cyber defences. For insurance companies, this would have the advantage that all insurers would have the same understanding of cyber risks, which would support sustainable risk-based pricing. In addition, common definitions of cyber risks could be derived from new data,” he explained.

Lero’s Professor Martin Mullins said cybercrime is estimated to have cost the global economy just under $1 trillion in 2020, indicating an increase of more than 50% since 2018.

“With the average cyber insurance claim rising from $145,000 in 2019 to $359,000 in 2020, there is a growing necessity for better cyber information sources, standardised databases, mandatory reporting and public awareness.”

“Because of the lack of publicly available datasets, the criminals have the advantage. The datasets we want to see developed can help companies address cybersecurity as part of risk management and better assess their internal cyber posture and mitigation measures,” stressed Prof. Mullins.

Notorious cyber attacks:

  • The Colonial Pipeline paid a $4.4 million ransom to a hacker gang following an attack that substantially impacted the US economy.
  • After a hack on the Irish Health Service Executive (HSE), the Irish government faced a ransom payment of $20 million to restore services. They never paid.
  • A cyber attack initiated by Miller and Valasek resulted in the recall of 1.4 million vehicles, costing car manufacturers €761 million.
  • According to a White House assessment, the NotPetya malware attack, originating in Russia, hit Ukraine and spread worldwide, costing at least $10 billion.