17 October 2017

Commercial Risk Europe: FERMA driving efforts to deliver quality cyber governance and insurance

Last month, the EC announced a package of measures to boost cybersecurity in the EU. Plans centre around a new EU Cybersecurity Agency by building on the remit and resources of the EU Agency for Network and Information Security (ENISA). The proposal will also see a blueprint developed to determine the roles of member states in case of cross-border cyber incidents.

The EC has also put forward a certification scheme for cybersecurity products and services, as well as new rules aimed at encouraging the free flow of non-personal data in the EU.

FERMA welcomed the EC’s cybersecurity package, having previously raised concerns about the lack of focus on risk governance in cybersecurity. The lack of cyber risk governance is a contributing factor behind large disruptive cyberattacks, such as the two global ransomware incidents earlier this year.

In June, FERMA and the European Confederation of Institutes of Internal Auditing (ECIIA) issued a joint cyber risk governance model. The two bodies are now collaborating to promote the cyber risk governance model at national level, from large organisation down to small and medium-sized enterprises.

The governance model should prove valuable for companies as they look to address cyber risk, and EU institutions as they attempt to bolster cybersecurity in Europe, according to Typhaine Beaupérin, CEO of FERMA.

The governance model will also help companies meet obligations under the forthcoming EU General Data Protection Regulation and Network Information Security Directive, FERMA said.

FERMA’s cyber risk governance model is a “pragmatic” set of risk management principles to help shape an organisation’s cyber risk governance framework, explained Philippe Cotelle, Ferma board member and one of the authors of the model’s accompanying report.

Full article on Commercial Risk (subscription required)

© Commercial Risk Europe