Day 2

Introduction: Cybergeddon or a manageable risk?

  • Presentation of the FERMA/ECIIA cyber risk governance report
  • Preliminary findings of the OECD/FERMA joint survey on Digital Security Risk Management
  • Work of the CRO Forum on taxonomy



Deep dive into cyber insurance

The purpose of this session is to provide risk managers with tools to address the purchase of cyber insurance in this evolving market. The round table discussions will help risk managers develop their understanding of the information needed from the tender process to claims management so they can optimise coverage and recoveries for their organisation. Key questions include:

  • Which stakeholders within the organisation need to be involved in the tender/placement process?
  • What information do we need to gather for the placement process?
  • How do we balance the carrier’s need for information with the feasibility of gathering that information?
  • How do we determine the right limits to purchase?
  • What makes a cyber claim successful?


Applying lessons learned

Closed session - Chatham House Rule 

Two exceptional guest speakers will share their experience of large-scale cyber attacks on their companies in 2017. The risk managers of Maersk and Telefonica will describe their level of preparation before the incident, the way they managed the crisis and the lessons learned.

By attending this session, you will learn how to:

  • engage with your key business partners and coordinate with non-technical teams in HR, legal, operations and top management
  • anticipate future crises with the right governance and processes to improve the resilience of your organisation
  • embed insurance within cyber crisis management
  • position yourself during the crisis and the remediation phase to restore the business


Quantification of cyber risks

This session will introduce a method for quantifying cyber risks through a practical and lively exercise. Participants will be given hypothetical cyber catastrophic scenarios based on a fictional company. They will apply the methodology to these scenarios, including by working collaboratively across the organisation to define what inputs are needed, such as the number of affected clients and business interruption duration. Finally, the exercise will lead to a calculation of the potential financial impact of the cyber disaster on the organisation.