Advancing Cyber Resilience Through Data-Driven Intelligence
Zurich Insurance Group (Zurich), together with the Cyber Threat Alliance and CyberGreen Institute, has published a new report “Enhancing cyber security: Key metrics for policymakers” urging the adoption of standardised national cyber security metrics. The report notes the global cyber risk protection gap of USD0.9 trillion, with insured losses covering only 1% of economic losses from cyber incidents.
The measures proposed in Zurich’s 2024 whitepaper, “Closing the Cyber Risk Protection Gap”, rely on robust quantitative data to enhance standards and best practices. While organisations like ENISA and CISA provide corporate-level frameworks, national metrics for policy decision-making are largely absent. Zurich’s new report introduces six key metrics and an institutional framework for governments to help clarify national cyber risk, strengthen resilience, and enable informed policy decisions:
1. Percentage of organisations with cyber insurance or audit certification: Measures preparedness and understanding of cyber security.
2. Proportion of exploited vulnerabilities older than one year: Indicates ecosystem defense and remediation speed.
3. Number of significant cyber incidents: Reflects national detection and analysis capabilities.
4. Average time to containment of cyber incidents: Demonstrates ability to halt the spread of threats.
5. Mean time to restore operations: Assesses speed of recovery after incidents.
6. Percentage of unfilled cyber security positions: Gauges workforce capacity to manage risks.
Establishing National Cyber Statistics Bureaus – dedicated institutions for collecting these metrics – would ensure consistent incident reporting, track threats and resilience, publish key analyses, and assess security regulation effectiveness. These bureaus could also support a supra-national body to aggregate findings, enabling deeper global comparisons and insights into evolving threats.
To move from currently fragmented, reactive approaches to a unified, data-driven strategy, Zurich calls on policymakers to:
• Collaborate on data collection: Move from reactive incident reporting to proactive, cross-sector data sharing
• Establish dedicated entities: Create or empower national and global institutions to collect, analyse, and report cyber statistics across industries and borders
• Harmonise standards and frameworks: Align definitions, benchmarks, and reporting protocols.
Further information
• The report “Enhancing cyber security: Key metrics for policymakers” is available for download.
• Whitepaper ‘Closing the Cyber Risk Protection Gap’ (published in 2024)
About Zurich Insurance Group
Zurich Insurance Group (Zurich) is a leading global multi-line insurer founded more than 150 years ago, which has grown into a business serving more than 75 million customers in more than 200 countries and territories, while delivering industry-leading total shareholder returns.
Reflecting its purpose to ‘create a brighter future together,’ Zurich offers protection services that go beyond traditional insurance, to support its customers in building resilience. Since 2020, the Zurich Forest project supports reforestation and biodiversity restoration in Brazil’s Atlantic Forest.
The Group has more than 63,000 employees and is headquartered in Zurich, Switzerland. Zurich Insurance Group Ltd (ZURN) is listed on the SIX Swiss Exchange and has a level I American Depositary Receipt (ZURVY) program, which is traded over-the-counter on OTCQX. Further information is available at www.zurich.com.
About Zurich Malaysia
Zurich Malaysia is a collective reference term for the Zurich Insurance Group (Zurich) business subsidiaries operating in Malaysia: Zurich General Insurance Malaysia Berhad, Zurich Life Insurance Malaysia Berhad, Zurich General Takaful Malaysia Berhad and Zurich Takaful Malaysia Berhad. Zurich Malaysia offers a broad range of comprehensive insurance and takaful solutions; helping individuals as well as business owners understand and protect themselves, their businesses and their assets from risk. Zurich Malaysia has an integrated branch network in major cities nationwide as well as dedicated agency and distribution channels nationwide to serve the needs of its customers. For further information on Zurich Malaysia, visit www.zurich.com.my.