Among the several features of cyber-attacks one wants to reproduce, those related to the memory of events and self-exciting behavior is of major importance, as it underlies the clustering and auto-correlation of times of cyber-attacks. In this paper, we propose a multivariate Hawkes framework for modelling and predicting cyber-attacks frequency. The inference is based on a public dataset containing features of data-breaches targeting the US industry. As a main output of this paper, we demonstrate the supremacy of Hawkes models over Poisson models. We also develop a penalized inference procedure to capture the relevant interactions between different classes of attacks, and detail prediction results providing the full distribution of future cyber-attacks times of occurrence. In addition we shows that a non-instantaneous excitation, which is not the classical framework of the exponential kernel, better fit with our data. In an insurance framework, this study allows to determine quantiles for an internal model as well as the frequency component for a data breach guarantee. In this occasion we provide the computation of the expectation of a multivariate non-stationary Hawkes process.