Lero researchers call for mandatory reporting on cyberattacks

10 Mar 2022

Image: © Bits and Splits/Stock.adobe.com

Researchers said mandatory reporting would increase the amount of available data, which would help enterprises counter cybercriminals and ‘bolster defences’.

Mandatory reporting of cyberattacks could help combat the growing $1trn global cybercrime industry, according to a team at Lero, the Science Foundation Ireland research centre for software.

A Lero research team based at the University of Limerick said mandatory cybercrime reporting “in all jurisdictions” would improve the amount of data available to researchers.

In a recently published paper, the team said improved datasets would help enterprises and insurance companies to counter cybercriminals. Lead author Frank Cremer also said there is a “growing necessity” for better cyber information sources and public awareness.

“Mandatory reporting of cyber incidents could help improve cyber understanding, awareness and loss prevention among companies and insurers,” Cremer said. “Through greater availability of data, cyber risks can be better understood, enabling researchers to conduct more in-depth research into these risks.”

Lero researcher Dr Barry Sheehan said companies could incorporate this greater understanding of their cyberattack exposure into their corporate culture to “bolster cyber defences”.

“For insurance companies, this would have the advantage that all insurers would have the same understanding of cyber risks, which would support sustainable risk-based pricing,” Sheehan added. “In addition, common definitions of cyber risks could be derived from new data.”

Cyberattacks are estimated to have cost the global economy more than $1trn in 2020, representing a 50pc increase in two years, according to a McAfee report.

Prof Martin Mullins, Lero researcher and co-leader of the Emerging Risk Group at University of Limerick, said the lack of publicly available data gives criminals the advantage.

“The datasets we want to see developed can help companies address cybersecurity as part of risk management and better assess their internal cyber posture and mitigation measures,” Mullins added.

There have been several high-profile cyberattacks in the past year highlighting the need for improved cyber defences. These include the HSE ransomware attack in Ireland, the attack on the world’s largest meat producer, the cyberattack on a major US gas pipeline and, most recently, the wave of cyberattacks hitting Ukraine.

Lero’s research was conducted in collaboration with the Cologne University of Applied Sciences in Germany.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic