Cyber risk is potentially a catastrophe risk. While insurance can be useful, enterprise risk management is what makes organisations resilient, according to cyber expert Peter Hacker of Distinction.Global. Peter says the WannaCry extortion attack in May illustrates the capacity that criminals already have and which will only grow.

Peter and his fellow panel members will discuss WannaCry and other recent incidents at their workshop on Cyber risks: challenges and governance. Mario van der Giessen, Corporate Insurance Manager IKEA Group, Corporate Finance, Insurance, Tax & Treasury, urges risk managers to take advantage of this session, which he says will address fundamental questions for the risk manager including lessons from WannaCry and the implications of the EU General Data Protection Regulation (GDPR).”

Peter says that enterprise risk management was crucial in determining how well organisations in various parts of the world responded to the global ransomware attack. “In some cases, risk management readiness – proactive work between chief information security officer (CISO) and risk manager and stress testing of the arrangements – was crucial. It helped avoid material damage even from an economic loss point of view. In others, it was the direct opposite. Overall, this is the perfect case to promote risk management value.”

Fellow panelist Benno Reischel, Head of Europe at Lloyd’s, will talk about how the insurance industry is responding to such threats. “As WannaCry has demonstrated, upgrading IT systems can only take businesses so far. In reality, it’s how companies manage a cyber incident that can make or break them.

“Insurance plays a vital role and can help businesses not just in terms of cover for financial losses, but also by supporting them to meet regulatory obligations and deal with the potential operational and reputational fallout.”

This session will also be an opportunity for participants to discuss the European cyber risk governance recommendations that FERMA and the European Confederation of Internal Auditors (ECIIA) will publish on 29 June.


The workshop Cyber risks: challenges and governance will take place at 14.00-15.15 on 17 October.

For more information on the workshop, please click here


Published on 06.01.17 at 08:28