16 September 2013
Press Release
Risk managers must be stakeholders in cyber risk
management
Today, cyber risks are high on the list of the most
significant risks that organisations say they face, but
FERMA board member Julia Graham believes that
many risk managers are not yet playing a full part in
their management.
“There is a tendency in my experience for risk
managers to step away from this subject, ceding it
to the domain of the chief information officer or his
or her equivalent. Yet, this is not only an IT risk. It is an
enterprise risk, and risk managers must step up and
be stakeholders in its management,” she says.
The issues of risk management, risk financing and
who should be involved in the management of
cyber risks will be the subject of a workshop at the
FERMA Forum, which starts on 29 September in
Maastricht. Julia has a particular interest in cyber
risks and urges risk managers to take part. (See
below for a link to full details.)
She says, “You don't need to be a technology geek
to have enough understanding to manage the risk,
and there are readily available sources of
information and guides that provide the risk
manager with easy to digest advice that’s also fit for
the board.”
Cyber-security, she says, “should be integrated into
the enterprise risk management (ERM) system, and
boards should play a critical oversight role. They
should ask more detailed questions about cybersecurity threats and responses than they have in the
past.”
Nor does risk management end once the risk
management approach has been agreed. “Cyber
threats are exceeding the pace of enhancements in
information security. The management of cyber risks
should be a continuous process and part of the way
an organisation manages all risks,” says Julia.
Cyber insurance
The European Commission is exploring the cybersecurity insurance market, a process which FERMA is
contributing to.
Julia comments that the scope and limits of cover
and entrants to the market for cyber insurance have
improved considerably over the past 24 months. She
welcomes a trend toward bundling the insurance
cover with appropriate value-added solutions,
including support for breach detection and
response.
At the same time, she argues that before insurance
is considered, the risk should be assessed, controls
understood and, where appropriate, improved.
There should then be a gap analysis against existing
insurance programmes - some cyber risks will already
be covered - and the residual risk evaluated. Only
then is it worth considering whether the risk that
remains should be insured.
Julia points out that cyber insurance is still in
development and that coverage needs to be matched
to the exposure, which varies considerably with the
type of business. “The same policy will not suit
companies with financial data from consumers,
design-led businesses, law firms and other
consultants with valuable intellectual property, and
critical infrastructure. Buyers should also check what
cover they have under existing programmes,” she
concludes.
For full details of the FERMA Forum, see
http://www.ferma.eu/ferma-forum-2013/
FERMA welcomes journalists to the Forum. To receive a
free press pass: use the new users’ registration box in the
following link to register for the FERMA Forum –
https://bcom.mcigroup.com/Registration/FERMA2013/COMPLIMENTARY.aspx
Insert the PrFF2013 discount code in the relevant field.
For more information, contact
Lee Coppack
FERMA media coordinator
or +44 (0)20 8318 0330/+44 (0)7843 089904
Or
Florence Bindelle (assistant Christel Jaumoulle)
FERMA executive manager
florence.bindelle@ferma.eu or +32 (2) 761 94 31
About FERMA
The Federation of European Risk Management
Associations (FERMA) brings together 22 national risk
management associations in 20 European countries.
FERMA has 4,200 individual members representing a
wide range of business sectors from major industrial
and commercial companies to financial institutions
and local government bodies. These members play
a crucial role for their organisations with respect to
the management and treatment of complex risks
and insurance issues.
Member associations are from the following
countries: Belgium (BELRIM), Czech Republic (ASPAR
CZ), Denmark (DARIM), Finland (FinnRiMa), France
(AMRAE), Germany (DVS/BfV), Italy (ANRA),
Luxembourg (ALRiM), Malta (MARM), Netherlands
(NARIM), Norway (NORIMA), Poland (POLRISK),
Portugal (APOGERIS), Russia (RusRisk), Slovenia
(Sl.RISK), Spain (AGERS and IGREA), Sweden